Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample Name:file.exe
Analysis ID:697296
MD5:dc355e77931f3a3480c2b786e245f8f9
SHA1:c58983fc53a1e89bcf5718caca81d422ba2fb21f
SHA256:7da458389eb1c4f7eb3a0889b9bedaf3a6416cf4ad6c558a85756b760f1d6cc5
Infos:

Detection

RedLine
Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic
Tries to steal Crypto Currency Wallets
Machine Learning detection for sample
Yara detected Generic Downloader
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Yara detected Credential Stealer
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Tries to load missing DLLs
Detected TCP or UDP traffic on non-standard ports
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64native
  • file.exe (PID: 4540 cmdline: "C:\Users\user\Desktop\file.exe" MD5: DC355E77931F3A3480C2B786E245F8F9)
    • file.exe (PID: 6040 cmdline: C:\Users\user\Desktop\file.exe MD5: DC355E77931F3A3480C2B786E245F8F9)
    • file.exe (PID: 3352 cmdline: C:\Users\user\Desktop\file.exe MD5: DC355E77931F3A3480C2B786E245F8F9)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["195.54.170.157:16525"], "Bot Id": "1289804401", "Authorization Header": "139c242025d9881024ce5bc26de4c39f"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      0000000C.00000000.151021654989.0000000000402000.00000004.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        0000000C.00000000.151021654989.0000000000402000.00000004.00000400.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_3d9371fdunknownunknown
        • 0x13301:$a1: get_encrypted_key
        • 0x129fb:$a2: get_PassedPaths
        • 0x1142a:$a3: ChromeGetLocalName
        • 0x12bfc:$a4: GetBrowsers
        • 0x19638:$a5: Software\Valve\SteamLogin Data
        • 0x18ed8:$a6: %appdata%\
        • 0x12720:$a7: ScanPasswords
        0000000C.00000002.151694920742.0000000002FF2000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          0000000C.00000002.151694920742.0000000002FF2000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            12.0.file.exe.400000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              12.0.file.exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                12.0.file.exe.400000.0.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                • 0x19ca8:$pat14: , CommandLine:
                • 0x12ccc:$v2_1: ListOfProcesses
                • 0x12a8c:$v4_3: base64str
                • 0x136cf:$v4_4: stringKey
                • 0x1123f:$v4_5: BytesToStringConverted
                • 0x1033a:$v4_6: FromBase64
                • 0x117b2:$v4_8: procName
                • 0x11ac8:$v5_1: DownloadAndExecuteUpdate
                • 0x12963:$v5_2: ITaskProcessor
                • 0x11ab6:$v5_3: CommandLineUpdate
                • 0x11aa7:$v5_4: DownloadUpdate
                • 0x11eaa:$v5_5: FileScanning
                • 0x11460:$v5_7: RecordHeaderField
                • 0x110c8:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
                12.0.file.exe.400000.0.unpackWindows_Trojan_RedLineStealer_3d9371fdunknownunknown
                • 0x13701:$a1: get_encrypted_key
                • 0x12dfb:$a2: get_PassedPaths
                • 0x1182a:$a3: ChromeGetLocalName
                • 0x12ffc:$a4: GetBrowsers
                • 0x19a38:$a5: Software\Valve\SteamLogin Data
                • 0x192d8:$a6: %appdata%\
                • 0x12b20:$a7: ScanPasswords

                Sigma Signatures

                No Sigma rule has matched

                Snort Signatures

                Timestamp:192.168.11.20195.54.170.15749813165252850286 09/04/22-20:22:53.118164
                SID:2850286
                Source Port:49813
                Destination Port:16525
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:195.54.170.157192.168.11.2016525498132850353 09/04/22-20:22:08.231498
                SID:2850353
                Source Port:16525
                Destination Port:49813
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.11.20195.54.170.15749813165252850027 09/04/22-20:22:06.110556
                SID:2850027
                Source Port:49813
                Destination Port:16525
                Protocol:TCP
                Classtype:A Network Trojan was detected

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Machine Learning detection for sample
                Source: file.exeJoe Sandbox ML: detected
                Source: 12.0.file.exe.400000.0.unpackMalware Configuration Extractor: RedLine {"C2 url": ["195.54.170.157:16525"], "Bot Id": "1289804401", "Authorization Header": "139c242025d9881024ce5bc26de4c39f"}
                Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: msvcp100.i386.pdb source: file.exe, 00000002.00000000.149816400827.0000000000DA6000.00000002.00000001.01000000.00000003.sdmp
                Source: Binary string: \Analyze\AnalyzeData_win32_Release\AnalyzeData.pdb source: file.exe, 00000002.00000000.149816400827.0000000000DA6000.00000002.00000001.01000000.00000003.sdmp
                Source: Binary string: msvcp120.i386.pdb source: file.exe, 00000002.00000000.149816400827.0000000000DA6000.00000002.00000001.01000000.00000003.sdmp
                Source: Binary string: \Analyze\AnalyzeData_win32_Release\AnalyzeData.pdbn source: file.exe, 00000002.00000000.149816400827.0000000000DA6000.00000002.00000001.01000000.00000003.sdmp

                Networking

                barindex
                Snort IDS alert for network traffic
                Source: TrafficSnort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.11.20:49813 -> 195.54.170.157:16525
                Source: TrafficSnort IDS: 2850286 ETPRO TROJAN Redline Stealer TCP CnC Activity 192.168.11.20:49813 -> 195.54.170.157:16525
                Source: TrafficSnort IDS: 2850353 ETPRO MALWARE Redline Stealer TCP CnC - Id1Response 195.54.170.157:16525 -> 192.168.11.20:49813
                Yara detected Generic Downloader
                Source: Yara matchFile source: 12.0.file.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Joe Sandbox ViewASN Name: VALICOM-ASPT VALICOM-ASPT
                Source: Joe Sandbox ViewIP Address: 195.54.170.157 195.54.170.157
                Source: global trafficTCP traffic: 192.168.11.20:49813 -> 195.54.170.157:16525
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157
                Source: unknownTCP traffic detected without corresponding DNS query: 195.54.170.157

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 12.0.file.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 12.0.file.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
                Source: 0000000C.00000000.151021654989.0000000000402000.00000004.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
                Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 12.0.file.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 12.0.file.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
                Source: 0000000C.00000000.151021654989.0000000000402000.00000004.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
                Source: C:\Users\user\Desktop\file.exeCode function: 12_2_0117F8C812_2_0117F8C8
                Source: C:\Users\user\Desktop\file.exeCode function: 12_2_015D2F7012_2_015D2F70
                Source: C:\Users\user\Desktop\file.exeCode function: 12_2_015D86C012_2_015D86C0
                Source: C:\Users\user\Desktop\file.exeCode function: 12_2_015D504812_2_015D5048
                Source: C:\Users\user\Desktop\file.exeProcess Stats: CPU usage > 98%
                Source: file.exe, 00000002.00000000.149816400827.0000000000DA6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAnalyzeData.dll vs file.exe
                Source: file.exe, 00000002.00000000.149816400827.0000000000DA6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamemsvcp100.dll^ vs file.exe
                Source: file.exe, 00000002.00000000.149816400827.0000000000DA6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamemsvcp120.dll^ vs file.exe
                Source: C:\Users\user\Desktop\file.exeSection loaded: edgegdi.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: edgegdi.dllJump to behavior
                Source: file.exeStatic PE information: invalid certificate
                Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exeJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exeJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.logJump to behavior
                Source: classification engineClassification label: mal96.troj.spyw.evad.winEXE@5/1@0/1
                Source: file.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.91%
                Source: C:\Users\user\Desktop\file.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dllJump to behavior
                Source: 12.0.file.exe.400000.0.unpack, BrEx.csBase64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: file.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                Source: file.exeStatic file information: File size 5672232 > 1048576
                Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: file.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x4e2e00
                Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: msvcp100.i386.pdb source: file.exe, 00000002.00000000.149816400827.0000000000DA6000.00000002.00000001.01000000.00000003.sdmp
                Source: Binary string: \Analyze\AnalyzeData_win32_Release\AnalyzeData.pdb source: file.exe, 00000002.00000000.149816400827.0000000000DA6000.00000002.00000001.01000000.00000003.sdmp
                Source: Binary string: msvcp120.i386.pdb source: file.exe, 00000002.00000000.149816400827.0000000000DA6000.00000002.00000001.01000000.00000003.sdmp
                Source: Binary string: \Analyze\AnalyzeData_win32_Release\AnalyzeData.pdbn source: file.exe, 00000002.00000000.149816400827.0000000000DA6000.00000002.00000001.01000000.00000003.sdmp
                Source: C:\Users\user\Desktop\file.exeCode function: 12_2_01175962 push F002E47Ch; ret 12_2_0117596D
                Source: file.exeStatic PE information: real checksum: 0x5671dc should be: 0x577713
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                Source: C:\Users\user\Desktop\file.exe TID: 2560Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\file.exe TID: 5584Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\file.exe TID: 5536Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\file.exe TID: 7796Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\file.exeWindow / User API: threadDelayed 6969Jump to behavior
                Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.19041.1_none_a2ace16370124ff4
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lzC:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Core-Group-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lUHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1_none_3a58d94ffaa9d897\vmswitch.sys
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l[HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lsC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid.resources_31bf3856ad364e35_10.0.19041.1_en-us_447494df1222bcd8
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.19041.1_none_a2ace16370124ff4\WindowsHyperVClusterUninstall.moft-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lmC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.928_none_0d22fe52c27d3aae\ft-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: loC:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lXMicrosoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1165
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.19041.1_none_47b46fcdda46dc1d\RemoteFileBrowse.dll
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2edb07518552135\hvservice.sys.mui
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.867_none_b57fce26790eec13\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.19041.1_none_25a2ff96aac272dd\WindowsVirtualization.V2.moft-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.19041.423_en-us_f14a4bbefe65ac87\f
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l[Microsoft-Hyper-V-Online-Services-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.92
                Source: file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lzC:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.610_none_dec94c194a7d9cf6\vfpctrl.exe
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\servicing\Packages\HyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.19041.1110.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\servicing\Packages\HyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.488.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.mum
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.1_none_30a02f8ac0551efb\vid.dllt-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lmC:\Windows\servicing\Packages\Microsoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\HyperV-Compute-System-VirtualMachine-merged-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.19041.1_none_a87cce111f2d21d5\*
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1165_none_f9388606107572b3\nvspinfo.exe
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.19041.423_en-us_f14a4bbefe65ac87\r
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lzC:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Core-Group-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\servicing\Packages\HyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.19041.1110.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: laC:\Windows\WinSxS\amd64_microsoft-hyper-v-hgs_31bf3856ad364e35_10.0.19041.1_none_5d53c007157a9f0b
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\servicing\Packages\HyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.488.cat
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e2\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.cat
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-vhd-parser_31bf3856ad364e35_10.0.19041.1_none_34b87765e20dcc15\vhdparser.sys
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: loC:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.19041.1_none_1ce7d3781003c70f\Hyper-V.Types.ps1xml
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lkC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.1_none_ab3c0ef9f5d858c0
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l[Microsoft-Hyper-V-Package-base-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.1_none_f78a0f1a11ae717c\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Disabled-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1052_none_aa1b5c7a14ea46dd\ft-
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l{C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1_none_e64260e504e2ce32\hvax64.exet-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: loC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none_d35bf07ab5380c24\rt-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\HyperV-Compute-System-VirtualMachine-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l|C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1_none_e64260e504e2ce32\kdhvcom.dll
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l|C:\Windows\WinSxS\amd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.1_none_8d8c2e85b98ddf69\wshhyperv.dll
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.488.mum
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.19041.1_en-us_b3d1ef0d088d6955\vmicrdv.dll.muit-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l[Microsoft-Hyper-V-ClientEdition-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Common-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.867.mum
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lUMicrosoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~~10.0.19041.111
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\WinSxS\amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.19041.1_none_29421b2ffbc5ca5c\vmbkmcl.sys
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1165_none_f9388606107572b3
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Disabled-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\WinSxS\amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.19041.1_none_884ef285596dd594\vmbkmclr.syst-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\servicing\Packages\Microsoft-Hyper-V-Hypervisor-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1165_none_f9388606107572b3\*
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.867_none_b57fce26790eec13\n
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lmC:\Windows\servicing\Packages\Microsoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\HyperV-Compute-System-VirtualMachine-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.488.cat
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.867_none_b57fce26790eec13\nt-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l`HyperV-Compute-Host-VirtualMachines-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Common-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.867.cat
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.928_none_e22c6ae2239eceef\ft-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.19041.1_en-gb_7788797720472f2d\WindowsVirtualization.V2.mflt-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lUHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\servicing\Packages\Microsoft-Hyper-V-Package-base-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1023.mum
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.19041.928_none_b96c565fe61a4dfa\VmEmulatedStorage.dll
                Source: file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1_none_ba0c8961643f1b8b\vmdebug.dll
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\servicing\Packages\Microsoft-Hyper-V-Package-base-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1023.cat
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.19041.928_none_1ce84af23e15656c\vmsynthfcvdev.dllt-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\WinSxS\amd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.19041.1_en-us_b3d1ef0d088d6955
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l[Microsoft-Hyper-V-ClientEdition-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.19041.423_en-us_f14a4bbefe65ac87\vmsmb.dll.muit-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms.resources_31bf3856ad364e35_10.0.19041.1_en-us_fc0cba9450a52790\*
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.1081_none_ab73ed7a140b868c\ft-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1_none_eb319bc9ff262eec\vmwp.exet-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l~Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Disabled-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: llC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7\ft-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\servicing\Packages\Microsoft-Hyper-V-Online-Services-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.928.mum
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lYHyperV-Compute-Host-VirtualMachines-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e2
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\servicing\Packages\Microsoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.cat
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\WinSxS\amd64_microsoft-hyper-v-bpa.resources_31bf3856ad364e35_10.0.19041.1_en-us_168291f09487ebd5\Hyper-V.psd1t-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..edstorage.resources_31bf3856ad364e35_10.0.19041.1_en-us_8e6d1518accc0bf5\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\servicing\Packages\Microsoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1_none_ba0c8961643f1b8b\vmdebug.dllt-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lcC:\Windows\WinSxS\amd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.19041.1_none_93cc37f483916b61
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l[HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\servicing\Packages\Microsoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.mum
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.928_none_1fa9f09ad10e24e0\rt-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lKMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~~10.0.19041.
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..apinabout.resources_31bf3856ad364e35_10.0.19041.1_en-us_d314f4eb3925c8b5\SnapInAbout.dll.muit-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lWHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.48
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\servicing\Packages\Microsoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.19041.1_none_47b46fcdda46dc1d\RemoteFileBrowse.dllt-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1165_none_f9388606107572b3\f
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lTMicrosoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lhC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-rdv_31bf3856ad364e35_10.0.19041.1_none_30c4d3b8c03afdd6
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.19041.1_none_2246f2e6f0441379\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\servicing\Packages\HyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.1_none_e9372a65640b0bcf\HyperVSysprepProvider.dllt-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lmC:\Windows\WinSxS\amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.19041.1_none_555170071aa29c2c\Hyper-V.ps1
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1165_none_f9388606107572b3\r
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l|C:\Windows\servicing\Packages\Microsoft-Hyper-V-Online-Services-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\WinSxS\amd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.19041.1_en-us_299ac5951a49c2de\*
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e2\rt-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lYMicrosoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.48
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Disabled-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.cat
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Manage
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l[Microsoft-Hyper-V-Package-base-merged-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\WinSxS\amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.19041.1_none_a87cce111f2d21d5
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..nthfcvdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_6ca4b4247e291981
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\servicing\Packages\HyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.488.mum
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V.
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l|C:\Windows\servicing\Packages\Microsoft-Hyper-V-Online-Services-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.19041.423_en-us_f14a4bbefe65ac87\vmsmb.dll.mui
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: liC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1_none_eb319bc9ff262eec
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lOMicrosoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~~10.0.19041.
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.19041.1_en-us_7f1134951b6fe2f2
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149946861508.00000000071A3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149987774521.00000000085A2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149908360528.000000000616F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\WinSxS\wow64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.1_none_97e0d8d7edeea164
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lsC:\Windows\servicing\Packages\Microsoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1_none_b6a6a2ae8b1ec7b0\vfpctrl.exe
                Source: file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-n..tcapture-powershell_31bf3856ad364e35_10.0.19041.1_none_4bf902d1685e1d06\MSFT_NetEventVmNetworkAdatper.format.ps1xml
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\WinSxS\amd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.19041.1_en-us_4373d0692dcd3a06\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.19041.1_none_f4c869717eb5b208
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\servicing\Packages\HyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.488.cat
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.19041.1_none_25a2ff96aac272dd\*
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l]Microsoft-Hyper-V-Offline-Common-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lhC:\Windows\WinSxS\amd64_microsoft-hyper-v-vhd-parser_31bf3856ad364e35_10.0.19041.1_none_34b87765e20dcc15
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l|C:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Core-Group-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.928.cat
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2edb07518552135\hvservice.sys.muit-
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser_31bf3856ad364e35_10.0.19041.1_none_3f6b6ada79aa7a69\pvhdparser.syst-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Disabled-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: laHyperV-Compute-System-VirtualMachine-merged-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l|C:\Windows\servicing\Packages\Microsoft-Hyper-V-Online-Services-merged-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.1081_none_ab73ed7a140b868c\vmms.exet-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: laHyperV-Compute-System-VirtualMachine-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.
                Source: file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.610_none_dec94c194a7d9cf6\vfpapi.dll
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lsC:\Windows\servicing\Packages\Microsoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Disabled-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l|C:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Core-Group-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.928.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lsC:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lXMicrosoft-Hyper-V-Offline-Common-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..nthfcvdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_6ca4b4247e291981\VmSynthFcVdev.dll.mui
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpMicrosoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~~10.0.19041.1
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\WinSxS\amd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.19041.1_en-us_b3d1ef0d088d6955\*
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..edstorage.resources_31bf3856ad364e35_10.0.19041.1_en-us_8e6d1518accc0bf5\VmEmulatedStorage.dll.muit-
                Source: file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.610_none_dec94c194a7d9cf6\vfpext.sys
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lkC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.928_none_0d22fe52c27d3aae
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.19041.746_none_6fbcad1699b89a67\ft-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.19041.1_none_a2ace16370124ff4\WindowsHyperVClusterUninstall.mof
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l]HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.48
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\servicing\Packages\HyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.19041.928_none_1ce84af23e15656c\vmsynthfcvdev.dll
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\WinSxS\amd64_microsoft-hyper-v-3dvideo.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a380741b2ac7b04
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l]HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.48
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lcC:\Windows\WinSxS\amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.19041.1_none_884ef285596dd594
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lsC:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ltC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.19041.1_none_25a2ff96aac272dd
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.19041.1_none_914c74df26ba9a96\VmEmulatedStorage.dll
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.19041.423_en-us_f14a4bbefe65ac87\*
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lkC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.1_none_e5031cd2031d874a\*
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.19041.1_en-gb_7788797720472f2d\WindowsVirtualization.V2.mfl
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lbC:\Windows\WinSxS\amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.19041.1_none_29421b2ffbc5ca5c
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\servicing\Packages\Microsoft-Hyper-V-Online-Services-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.928.cat
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l]Microsoft-Hyper-V-Offline-Common-merged-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\WinSxS\amd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.1_none_8d8c2e85b98ddf69
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..failoverreplication_31bf3856ad364e35_10.0.19041.1_none_50b60ffc14c70fb2\Hyper-VReplicaMetadata_v1.xsd
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.19041.1_en-us_4373d0692dcd3a06\RemoteFileBrowse.dll.muit-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.19041.1_en-us_78dfc47123c58895\WindowsHyperVCluster.V2.mfl
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Disabled-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lfC:\Windows\WinSxS\amd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.19041.1_none_fc5d2e67adee5611\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.19041.928_none_1ce84af23e15656c
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1_none_3a58d94ffaa9d897\*
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l~C:\Windows\WinSxS\amd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.867_none_b57fce26790eec13\wshhyperv.dllt-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lYMicrosoft-Hyper-V-Hypervisor-merged-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l{C:\Windows\WinSxS\amd64_microsoft-hyper-v-3dvideo_31bf3856ad364e35_10.0.19041.1_none_8b74d6c4b2fcd095\synth3dvideoproxy.dllt-
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: loC:\Windows\WinSxS\amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.19041.1_none_555170071aa29c2c\Manifest.psd1t-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-3dvideo.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a380741b2ac7b04\vmsynth3dvideo.dll.mui
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lmC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.928_none_0d22fe52c27d3aae\rt-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.mum
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-ram-parser_31bf3856ad364e35_10.0.19041.1_none_a7bb53746630ebd3\ramparser.sys
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid.resources_31bf3856ad364e35_10.0.19041.1_en-us_447494df1222bcd8\vid.dll.muit-
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.928_none_1fa9f09ad10e24e0\vmicrdv.dllt-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ltC:\Windows\WinSxS\amd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.19041.1_none_2246f2e6f0441379
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\servicing\Packages\Microsoft-Hyper-V-Package-base-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lqC:\Windows\servicing\Packages\HyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.19041.1110.mum
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwMicrosoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.48
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lqC:\Windows\servicing\Packages\HyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.19041.1110.cat
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7\vid.dll
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lYHyperV-Compute-Host-VirtualMachines-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lTHyperV-Compute-Host-VirtualMachines-Package~31bf3856ad364e35~amd64~~10.0.19041.1
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\servicing\Packages\Microsoft-Hyper-V-Package-base-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.cat
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lWMicrosoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lSHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.19041.111
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\servicing\Packages\Microsoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.19041.1_en-us_c92f752e3f016999\vmsmb.dll.mui
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lPHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.19041.1
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.1_none_f78a0f1a11ae717c\vmicrdv.dll
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.19041.746_none_6fbcad1699b89a67\*
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.19041.928_none_b96c565fe61a4dfa\rt-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l]HyperV-Compute-Host-VirtualMachines-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.92
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lRMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.488
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lkC:\Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser_31bf3856ad364e35_10.0.19041.1_none_3f6b6ada79aa7a69\*
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\WinSxS\amd64_microsoft-hyper-v-bpa.resources_31bf3856ad364e35_10.0.19041.1_en-us_168291f09487ebd5\Hyper-V.psd1
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lsC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.1_none_e5031cd2031d874a\vmsmb.dll
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lsC:\Windows\servicing\Packages\HyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: llC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7\*
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lmC:\Windows\WinSxS\amd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.19041.1_none_93cc37f483916b61\winhv.syst-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\servicing\Packages\Microsoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ccb9f4751718744\*
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.19041.1_en-gb_71570953289cd4d0\*
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l|Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Disabled-Package~31bf3856ad364e35~amd64~~10.0.19041.1165
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lTMicrosoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~~10.0.19041.1165
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: loC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none_d35bf07ab5380c24\ft-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: loC:\Windows\WinSxS\amd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.19041.1_none_fc5d2e67adee5611\winhvr.sys
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lsC:\Windows\servicing\Packages\HyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l{C:\Windows\servicing\Packages\HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.488.mum
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1_none_3a58d94ffaa9d897\nvspinfo.exet-
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-h..t-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_ddaeabc80a3525d6\hvhostsvc.dll.muit-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l{C:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Common-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\servicing\Packages\Microsoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lsC:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1165_none_a5220d9b1aae684e
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lUMicrosoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.928_none_e22c6ae2239eceef\f
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\servicing\Packages\HyperV-Compute-Host-VirtualMachines-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.mum
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.19041.1_en-us_4373d0692dcd3a06\RemoteFileBrowse.dll.mui
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l\HyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.488
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lRMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.488
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.1081_none_ab73ed7a140b868c\rt-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\servicing\Packages\Microsoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l{C:\Windows\servicing\Packages\HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.488.cat
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: llC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1_none_ba0c8961643f1b8b\*
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.19041.1_none_2246f2e6f0441379\hvhostsvc.dll
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l\HyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.488
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lsC:\Windows\WinSxS\amd64_microsoft-hyper-v-ram-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_50c23e4c771f203a
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l{C:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Common-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.19041.928_none_b96c565fe61a4dfa\*
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1_none_e64260e504e2ce32\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\servicing\Packages\HyperV-Compute-Host-VirtualMachines-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lPMicrosoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~~10.0.19041.1165
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.928_none_e22c6ae2239eceef\r
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ltC:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.19041.1_none_47b46fcdda46dc1d
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.19041.1_en-us_7f1134951b6fe2f2\WindowsVirtualization.V2.mflt-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.19041.1_none_f4c869717eb5b208\vmsynthfcvdev.dllt-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\servicing\Packages\HyperV-Compute-Host-VirtualMachines-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lzC:\Windows\servicing\Packages\HyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.488.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\servicing\Packages\Microsoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.928.mum
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.19041.1_en-gb_7788797720472f2d\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l{C:\Windows\servicing\Packages\HyperV-Compute-Host-VirtualMachines-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.928.mum
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7\vid.dllt-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\servicing\Packages\HyperV-Compute-Host-VirtualMachines-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lmC:\Windows\WinSxS\amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.19041.1_none_555170071aa29c2c\Hyper-V.sch
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lVMicrosoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\servicing\Packages\Microsoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~~10.0.19041.1023.cat
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.19041.746_none_6fbcad1699b89a67\f
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\servicing\Packages\HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.cat
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-3dvideo.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a380741b2ac7b04\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ltC:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lzC:\Windows\servicing\Packages\HyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.488.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\servicing\Packages\Microsoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.928.cat
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l}C:\Windows\WinSxS\amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.19041.1_none_a87cce111f2d21d5\virtmgmt.msct-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: llC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7\rt-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: llC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7\f
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lVMicrosoft-Hyper-V-ClientEdition-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\servicing\Packages\HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.mum
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.19041.746_none_6fbcad1699b89a67\RemoteFileBrowse.dllt-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\servicing\Packages\Microsoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~~10.0.19041.1023.mum
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms.resources_31bf3856ad364e35_10.0.19041.1_en-us_fc0cba9450a52790\vmms.exe.muit-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ltC:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.19041.746_none_6fbcad1699b89a67\r
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.928_none_e22c6ae2239eceef\*
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l|C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1_none_e64260e504e2ce32\kdhvcom.dllt-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lSMicrosoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~~10.0.19041.116
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l~C:\Windows\servicing\Packages\HyperV-Compute-Host-VirtualMachines-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ltC:\Windows\servicing\Packages\Microsoft-Hyper-V-Package-base-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: llC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7\r
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.19041.928_none_b96c565fe61a4dfa\VmEmulatedStorage.dllt-
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1165_none_a5220d9b1aae684e\hvloader.dll
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.1_none_0d51a8a399d5452c
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149946861508.00000000071A3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: llC:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1_none_b6a6a2ae8b1ec7b0
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.19041.1_none_f4c869717eb5b208\*
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ltC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.19041.928_none_1ce84af23e15656c\ft-
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-passthru-parser_31bf3856ad364e35_10.0.19041.1_none_d7dfb451bd621127\passthruparser.syst-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.19041.928_none_b96c565fe61a4dfa\f
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ljC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1_none_ba0c8961643f1b8b
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.928_none_1fa9f09ad10e24e0\f
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.19041.1_none_914c74df26ba9a96\*
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1165_none_f9388606107572b3\vmswitch.syst-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l}C:\Windows\WinSxS\amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.19041.1_none_a87cce111f2d21d5\virtmgmt.msc
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ljC:\Windows\WinSxS\amd64_microsoft-hyper-v-ram-parser_31bf3856ad364e35_10.0.19041.1_none_a7bb53746630ebd3\*
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ljC:\Windows\WinSxS\amd64_microsoft-hyper-v-vhd-parser_31bf3856ad364e35_10.0.19041.1_none_34b87765e20dcc15\*
                Source: file.exe, 00000002.00000003.149946861508.00000000071A3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.610_none_dec94c194a7d
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.19041.928_none_b96c565fe61a4dfa\r
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-rdv_31bf3856ad364e35_10.0.19041.1_none_30c4d3b8c03afdd6\RdvGpuInfo.dllt-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-lun-parser_31bf3856ad364e35_10.0.19041.1_none_b6d8bfc73f89cc96\lunparser.sys
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ltC:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.1_none_f78a0f1a11ae717c
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.19041.1_none_62d29611d5954e4f\Hyper-V.psd1
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.1_none_0d51a8a399d5452c\vmrdvcore.dllt-
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.1_none_f78a0f1a11ae717c\vmicrdv.dllt-
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.19041.1_none_47b46fcdda46dc1d\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: llC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.928_none_e22c6ae2239eceef
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\servicing\Packages\HyperV-Compute-Host-VirtualMachines-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\servicing\Packages\Microsoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e2\ft-
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ltC:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.1_none_0d51a8a399d5452c\*
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.928_none_1fa9f09ad10e24e0\r
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lZHyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l~C:\Windows\servicing\Packages\HyperV-Compute-Host-VirtualMachines-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-ram-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_50c23e4c771f203a\ramparser.sys.muit-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ltC:\Windows\servicing\Packages\Microsoft-Hyper-V-Package-base-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.19041.1_none_a2ace16370124ff4\WindowsHyperVCluster.V2.moft-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ltC:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1_none_3a58d94ffaa9d897
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\servicing\Packages\HyperV-Compute-Host-VirtualMachines-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.19041.1_none_a87cce111f2d21d5\Hyper-V Manager.lnk
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.19041.1_en-us_299ac5951a49c2de\vmswitch.sys.muit-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-3dvideo_31bf3856ad364e35_10.0.19041.1_none_8b74d6c4b2fcd095\vmsynth3dvideo.dll
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l{C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1_none_e64260e504e2ce32\hvix64.exe
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: leC:\Windows\WinSxS\amd64_microsoft-hyper-v-hgs_31bf3856ad364e35_10.0.19041.928_none_8573a187d4da526f\ft-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lYMicrosoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.488.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Disabled-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.19041.1_en-gb_71570953289cd4d0\WindowsHyperVCluster.V2.mflt-
                Source: file.exe, 00000002.00000003.149946861508.00000000071A3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lZamd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1_none_b6a6a2ae8b1e
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..nthfcvdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_6ca4b4247e291981\VmSynthFcVdev.dll.muit-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lPMicrosoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~~10.0.19041.1
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\WinSxS\amd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2edb07518552135\*
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luMicrosoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lzC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none_d35bf07ab5380c24\vsconfig.dllt-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..edstorage.resources_31bf3856ad364e35_10.0.19041.1_en-us_8e6d1518accc0bf5\VmEmulatedStorage.dll.mui
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1165_none_a5220d9b1aae684e\hvservice.sys
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ljC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-rdv_31bf3856ad364e35_10.0.19041.1_none_30c4d3b8c03afdd6\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Disabled-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ljC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.1_none_30a02f8ac0551efb\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: leC:\Windows\WinSxS\amd64_microsoft-hyper-v-3dvideo_31bf3856ad364e35_10.0.19041.1_none_8b74d6c4b2fcd095
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1_none_e64260e504e2ce32
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.928_none_1fa9f09ad10e24e0\*
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.1_none_e9372a65640b0b
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lYMicrosoft-Hyper-V-Online-Services-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: loC:\Windows\WinSxS\amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.19041.1_none_555170071aa29c2c\Manifest.psd1
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\servicing\Packages\Microsoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\servicing\Packages\Microsoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.928.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ldC:\Windows\WinSxS\amd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.19041.1_none_fc5d2e67adee5611
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.1_none_ec871523fe4a3c37\vmms.exet-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l\Microsoft-Hyper-V-Offline-Core-Group-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lkC:\Windows\servicing\Packages\Microsoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..-client.snapinabout_31bf3856ad364e35_10.0.19041.1_none_43a9017744e82ca8\SnapInAbout.dll
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\servicing\Packages\Microsoft-Hyper-V-Hypervisor-merged-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\servicing\Packages\HyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l~C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1_none_e64260e504e2ce32\hvservice.sys
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lsC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.1_none_e5031cd2031d874a\vmsmb.dllt-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.19041.423_en-us_f14a4bbefe65ac87\ft-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\servicing\Packages\Microsoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.928.cat
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.1_none_e9372a65640b0bcf\HyperVSysprepProvider.dll
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: laMicrosoft-Hyper-V-Offline-Core-Group-merged-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\servicing\Packages\Microsoft-Hyper-V-Hypervisor-merged-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.964_none_3542494c595902f8\vmrdvcore.dllt-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\WinSxS\amd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.1_none_8d8c2e85b98ddf69\*
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.19041.1_en-us_b3d1ef0d088d6955\vmicrdv.dll.mui
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lhC:\Windows\WinSxS\amd64_microsoft-hyper-v-lun-parser_31bf3856ad364e35_10.0.19041.1_none_b6d8bfc73f89cc96
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\servicing\Packages\HyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\WinSxS\amd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.19041.1_en-us_299ac5951a49c2de
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: liC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.1_none_e5031cd2031d874a
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.19041.1_en-us_78dfc47123c58895\WindowsHyperVCluster.V2.mflt-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l{C:\Windows\servicing\Packages\HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.488.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\servicing\Packages\Microsoft-Hyper-V-Hypervisor-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\servicing\Packages\Microsoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\servicing\Packages\HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.928_none_0d22fe52c27d3aae\vmsmb.dllt-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ee8ada67d246bda\*
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lUMicrosoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\servicing\Packages\Microsoft-Hyper-V-Hypervisor-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\servicing\Packages\Microsoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lZHyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lhC:\Windows\WinSxS\amd64_microsoft-hyper-v-ram-parser_31bf3856ad364e35_10.0.19041.1_none_a7bb53746630ebd3
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ltC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..failoverreplication_31bf3856ad364e35_10.0.19041.1_none_50b60ffc14c70fb2
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.19041.1_none_25a2ff96aac272dd\WindowsVirtualization.V2.mof
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lkC:\Windows\servicing\Packages\Microsoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\servicing\Packages\HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.19041.1_en-us_7f1134951b6fe2f2\*
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmdebug.dl
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lQMicrosoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~~10.0.19041.
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1165_none_f9388606107572b3\ft-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.19041.1_none_f4c869717eb5b208\vmsynthfcvdev.dll
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwMicrosoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.48
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\WinSxS\amd64_microsoft-hyper-v-h..t-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_ddaeabc80a3525d6
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l{C:\Windows\servicing\Packages\HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.488.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lqC:\Windows\servicing\Packages\Microsoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.cat
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.928_none_0d22fe52c27d3aae\vmusrv.dll
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l^Microsoft-Hyper-V-Online-Services-merged-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l{C:\Windows\WinSxS\amd64_microsoft-hyper-v-3dvideo_31bf3856ad364e35_10.0.19041.1_none_8b74d6c4b2fcd095\synth3dvideoproxy.dll
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.928_none_1fa9f09ad10e24e0
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-passthru-parser_31bf3856ad364e35_10.0.19041.1_none_d7dfb451bd621127\passthruparser.sys
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l^HyperV-Compute-System-VirtualMachine-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.928
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.19041.746_none_6fbcad1699b89a67\rt-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.928_none_0d22fe52c27d3aae\vmusrv.dllt-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Core-Group-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lTMicrosoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: loC:\Windows\WinSxS\amd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.19041.1_none_fc5d2e67adee5611\winhvr.syst-
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: leC:\Windows\WinSxS\amd64_microsoft-hyper-v-hgs_31bf3856ad364e35_10.0.19041.928_none_8573a187d4da526f\*
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l}C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1_none_e64260e504e2ce32\hvloader.dll
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\WinSxS\amd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.19041.1_en-us_4373d0692dcd3a06
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.964_none_3542494c595902f8\ft-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.19041.1_none_25a2ff96aac272dd\WindowsVirtualizationUninstall.moft-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lUMicrosoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3e0d97c4c052586\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lmC:\Windows\WinSxS\amd64_microsoft-hyper-v-passthru-parser_31bf3856ad364e35_10.0.19041.1_none_d7dfb451bd621127
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-VReplicaMetadata_v
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lmC:\Windows\WinSxS\amd64_microsoft-hyper-v-hgs_31bf3856ad364e35_10.0.19041.928_none_8573a187d4da526f\vmhgs.dll
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.19041.1_en-gb_71570953289cd4d0
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Disabled-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.488.mum
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ccb9f4751718744\pvhdparser.sys.muit-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: liC:\Windows\servicing\Packages\Microsoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ltC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms.resources_31bf3856ad364e35_10.0.19041.1_en-us_fc0cba9450a52790
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1_none_3a58d94ffaa9d897\nvspinfo.exe
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ljC:\Windows\WinSxS\amd64_microsoft-hyper-v-lun-parser_31bf3856ad364e35_10.0.19041.1_none_b6d8bfc73f89cc96\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Disabled-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.488.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Common-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.19041.746_none_6fbcad1699b89a67\RemoteFileBrowse.dll
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\servicing\Packages\Microsoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.19041.1_en-us_78dfc47123c58895
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Core-Group-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ee8ada67d246bda\vmdebug.dll.muit-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lVMicrosoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lzC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none_d35bf07ab5380c24\vsconfig.dll
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\WinSxS\amd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2edb07518552135
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1_none_eb319bc9ff262eec\vmwp.exe
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\servicing\Packages\Microsoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.488.mum
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.19041.1_en-us_78dfc47123c58895\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Common-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: loC:\Windows\WinSxS\amd64_microsoft-hyper-v-passthru-parser_31bf3856ad364e35_10.0.19041.1_none_d7dfb451bd621127\*
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ccb9f4751718744\pvhdparser.sys.mui
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lPMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lmC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none_d35bf07ab5380c24
                Source: file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.610_none_dec94c194a7d9cf6\r
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l~C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1165_none_a5220d9b1aae684e\hvix64.exe
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lqC:\Windows\servicing\Packages\Microsoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\servicing\Packages\Microsoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.488.cat
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1_none_3a58d94ffaa9d897\VmsProxyHNic.sys
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.1_none_ab3c0ef9f5d858c0\vsconfig.dllt-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: liC:\Windows\servicing\Packages\Microsoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\servicing\Packages\Microsoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1052_none_aa1b5c7a14ea46dd\f
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lMMicrosoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~~10.0.19041.
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lvC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.19041.1_en-us_c92f752e3f016999\*
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1052_none_aa1b5c7a14ea46dd\r
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lVMicrosoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.610_none_dec94c194a7d9cf6\f
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lsC:\Windows\servicing\Packages\HyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\servicing\Packages\HyperV-Compute-Host-VirtualMachines-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\WinSxS\amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.19041.1_none_29421b2ffbc5ca5c\vmbkmcl.syst-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l~C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1165_none_a5220d9b1aae684e\hvax64.exe
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: liC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.1_none_ec871523fe4a3c37
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lzC:\Windows\servicing\Packages\HyperV-Compute-System-VirtualMachine-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ljC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l|C:\Windows\servicing\Packages\HyperV-Compute-System-VirtualMachine-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.928.mum
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1165_none_a5220d9b1aae684e\kdhvcom.dllt-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.928_none_e22c6ae2239eceef\vmdebug.dllt-
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lWHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.48
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: loC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none_d35bf07ab5380c24\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: llC:\Windows\servicing\Packages\Microsoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Disabled-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.488.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ltC:\Windows\servicing\Packages\HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\servicing\Packages\Microsoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lYMicrosoft-Hyper-V-Hypervisor-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1_none_3a58d94ffaa9d897\vmswitch.syst-
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lwC:\Windows\servicing\Packages\HyperV-Compute-Host-VirtualMachines-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..apinabout.resources_31bf3856ad364e35_10.0.19041.1_en-us_d314f4eb3925c8b5\SnapInAbout.dll.mui
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lsC:\Windows\servicing\Packages\HyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l{C:\Windows\servicing\Packages\HyperV-Compute-Host-VirtualMachines-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.928.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lzC:\Windows\servicing\Packages\HyperV-Compute-System-VirtualMachine-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Disabled-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.488.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: llC:\Windows\servicing\Packages\Microsoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.cat
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lVMicrosoft-Hyper-V-Package-base-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-3dvideo.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a380741b2ac7b04\vmsynth3dvideo.dll.muit-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ltC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.19041.928_none_1ce84af23e15656c\rt-
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lxC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.19041.423_en-us_f14a4bbefe65ac87\rt-
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lmC:\Windows\WinSxS\amd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.19041.1_none_93cc37f483916b61\winhv.sys
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.1_none_ec871523fe4a3c37\vmms.exe
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Core-Group-merged-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lOMicrosoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\servicing\Packages\Microsoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.149867432667.00000000064E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lcC:\Windows\WinSxS\amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.19041.1_none_555170071aa29c2c\*
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: luC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..edstorage.resources_31bf3856ad364e35_10.0.19041.1_en-us_8e6d1518accc0bf5
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\servicing\Packages\Microsoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\servicing\Packages\HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: leC:\Windows\WinSxS\amd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.19041.1_none_93cc37f483916b61\*
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e2\HyperVSysprepProvider.dll
                Source: file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150035638230.0000000007842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1165_none_a5220d9b1aae684e\kdhvcom.dll
                Source: file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lWHyperV-Compute-Host-VirtualMachines-Package~31bf3856ad364e35~amd64~~10.0.19041.115
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\servicing\Packages\Microsoft-Hyper-V-ClientEdition-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lyC:\Windows\servicing\Packages\HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.mum
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.149856057666.0000000003C61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Core-Group-merged-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat
                Source: file.exe, 00000002.00000003.149966120304.00000000087F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lnC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1052_none_aa1b5c7a14ea46dd\*
                Source: C:\Users\user\Desktop\file.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exeJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exeJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l C:\Windows\SysWOW64\procdump.exe
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lpC:\Windows\WinSxS\amd64_windows-defender-service_31bf3856ad364e35_10.0.19041.1_none_7b973051f62a1a6d\MsMpEng.exe
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lrC:\Windows\WinSxS\amd64_windows-defender-service_31bf3856ad364e35_10.0.19041.746_none_a39f6d9ab59bd8b7\MsMpEng.exe
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l-C:\Program Files\Windows Defender\MsMpEng.exe
                Source: file.exe, 00000002.00000003.150007792526.0000000006E42000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150053959895.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.150107107870.0000000008091000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l C:\Windows\System32\procdump.exe

                Stealing of Sensitive Information

                barindex
                Yara detected RedLine Stealer
                Source: Yara matchFile source: dump.pcap, type: PCAP
                Source: Yara matchFile source: 12.0.file.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000C.00000000.151021654989.0000000000402000.00000004.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.151694920742.0000000002FF2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Tries to steal Crypto Currency Wallets
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqliteJump to behavior
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                Source: Yara matchFile source: 0000000C.00000002.151694920742.0000000002FF2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                Remote Access Functionality

                barindex
                Yara detected RedLine Stealer
                Source: Yara matchFile source: dump.pcap, type: PCAP
                Source: Yara matchFile source: 12.0.file.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000C.00000000.151021654989.0000000000402000.00000004.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.151694920742.0000000002FF2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                Mitre Att&ck Matrix

                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                Valid Accounts221
                Windows Management Instrumentation                		1
                DLL Side-Loading                		11
                Process Injection                		1
                Masquerading                		1
                OS Credential Dumping                		231
                Security Software Discovery                		Remote Services1
                Archive Collected Data                		Exfiltration Over Other Network Medium1
                Encrypted Channel                		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                DLL Side-Loading                		1
                Disable or Modify Tools                		LSASS Memory1
                Process Discovery                		Remote Desktop Protocol2
                Data from Local System                		Exfiltration Over Bluetooth1
                Non-Standard Port                		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)231
                Virtualization/Sandbox Evasion                		Security Account Manager231
                Virtualization/Sandbox Evasion                		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)11
                Process Injection                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script11
                Obfuscated Files or Information                		LSA Secrets113
                System Information Discovery                		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                Replication Through Removable MediaLaunchdRc.commonRc.common1
                DLL Side-Loading                		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                file.exe10%ReversingLabs
                file.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                SourceDetectionScannerLabelLinkDownload
                12.0.file.exe.400000.0.unpack100%AviraHEUR/AGEN.1234971Download File

                Domains

                No Antivirus matches

                URLs

                No Antivirus matches

                Domains and IPs

                Contacted Domains

                No contacted domains info

                World Map of Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public IPs

                IPDomainCountryFlagASNASN NameMalicious
                195.54.170.157
                		unknownunknown
                		51171VALICOM-ASPTtrue

                General Information

                Joe Sandbox Version:35.0.0 Citrine
                Analysis ID:697296
                Start date and time:2022-09-04 20:17:53 +02:00
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 10m 53s
                Hypervisor based Inspection enabled:false
                Report type:full
                Sample file name:file.exe
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                Run name:Suspected Instruction Hammering
                Number of analysed new started processes analysed:14
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal96.troj.spyw.evad.winEXE@5/1@0/1
                EGA Information:Failed
                HDC Information:Failed
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 135
                • Number of non-executed functions: 2
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Adjust boot time
                • Enable AMSI
                • Stop behavior analysis, all processes terminated

                Warnings

                • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, WmiPrvSE.exe
                • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, wdcpalt.microsoft.com, client.wns.windows.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, wdcp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                • Execution Graph export aborted for target file.exe, PID 3352 because it is empty
                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                • Report size getting too big, too many NtOpenFile calls found.
                • Report size getting too big, too many NtQueryAttributesFile calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtReadVirtualMemory calls found.

                Simulations

                Behavior and APIs

                TimeTypeDescription
                20:22:51API Interceptor14x Sleep call for process: file.exe modified

                Joe Sandbox View / Context

                IPs

                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                195.54.170.157q1wLT3xKiY.exeGet hashmaliciousBrowse
                  9n6ctoq7cn.exeGet hashmaliciousBrowse
                    xZ4q0nNSPX.exeGet hashmaliciousBrowse
                      9n6ctoq7cn.exeGet hashmaliciousBrowse
                        WSkT8d093C.exeGet hashmaliciousBrowse
                          em1B8DcC72.exeGet hashmaliciousBrowse
                            JMDc707Z03.exeGet hashmaliciousBrowse
                              22nuoItfxs.exeGet hashmaliciousBrowse
                                l5Pmw9b4cO.exeGet hashmaliciousBrowse
                                  FgHKF9V3FB.exeGet hashmaliciousBrowse
                                    2JxF8anOVP.exeGet hashmaliciousBrowse

                                      Domains

                                      No context

                                      ASNs

                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                      VALICOM-ASPTq1wLT3xKiY.exeGet hashmaliciousBrowse
                                      • 195.54.170.157
                                      9n6ctoq7cn.exeGet hashmaliciousBrowse
                                      • 195.54.170.157
                                      xZ4q0nNSPX.exeGet hashmaliciousBrowse
                                      • 195.54.170.157
                                      9n6ctoq7cn.exeGet hashmaliciousBrowse
                                      • 195.54.170.157
                                      WSkT8d093C.exeGet hashmaliciousBrowse
                                      • 195.54.170.157
                                      em1B8DcC72.exeGet hashmaliciousBrowse
                                      • 195.54.170.157
                                      JMDc707Z03.exeGet hashmaliciousBrowse
                                      • 195.54.170.157
                                      22nuoItfxs.exeGet hashmaliciousBrowse
                                      • 195.54.170.157
                                      l5Pmw9b4cO.exeGet hashmaliciousBrowse
                                      • 195.54.170.157
                                      FgHKF9V3FB.exeGet hashmaliciousBrowse
                                      • 195.54.170.157
                                      2JxF8anOVP.exeGet hashmaliciousBrowse
                                      • 195.54.170.157

                                      JA3 Fingerprints

                                      No context

                                      Dropped Files

                                      No context

                                      Created / dropped Files

                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

                                      Download File
                                      Process:C:\Users\user\Desktop\file.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):617
                                      Entropy (8bit):5.3551347693202604
                                      Encrypted:false
                                      SSDEEP:12:Q3La/KDLI4MWuPuuOKbbDLI4MWuPJKy2Khat92n4M0kvoDLI4MWuCv:ML9E4KGbKDE4KhKzKhg84jE4Ks
                                      MD5:CA23F1692DBD9B78C20FFBDF62BAB1C1
                                      SHA1:0995AD4BB02C98AD8B48C6E39197A1F1442F4DB7
                                      SHA-256:EEF50CD285563B1B5BE0B62061B008061B558EDC15AE6611F563B34B397B0D18
                                      SHA-512:690487FF871BAE3D0EAA24EA113D79ACD070C5EE8529C1D0E09BB246E2E96089D0943D05BA04DE7937F4F3FA6453906B930F2CBE01C8C6B1FD729C8C3C79A254
                                      Malicious:true
                                      Reputation:low
                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\68e52ded8d0e73920808d8880ed14efd\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\62fe5fc1b5bafb28a19a2754318abf00\System.Core.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..

                                      Static File Info

                                      General

                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Entropy (8bit):6.047276829526935
                                      TrID:
                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.91%
                                      • Win32 Executable (generic) a (10002005/4) 49.86%
                                      • Win32 EXE PECompact compressed (generic) (41571/9) 0.21%
                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                      • DOS Executable Generic (2002/1) 0.01%
                                      File name:file.exe
                                      File size:5672232
                                      MD5:dc355e77931f3a3480c2b786e245f8f9
                                      SHA1:c58983fc53a1e89bcf5718caca81d422ba2fb21f
                                      SHA256:7da458389eb1c4f7eb3a0889b9bedaf3a6416cf4ad6c558a85756b760f1d6cc5
                                      SHA512:ae01a8737181780ce4233f2911e31bf3ef2558bdd363b55d1cddde2a0f2edb179eb688b8c17bd49f810ae00ebaf3001fb4d419da7239f85f35132734b23b6a7b
                                      SSDEEP:49152:SnBtvhfP26O9EsaqunpxapGsaWQv9GpVgulsc7uzF3nsTP2j:2jhHEEyuzpv9GpU3KC
                                      TLSH:32463A13B7B70CE1E56A1AB195D47F540EA7B7B2532173CB0FB1414D8EA6AC08DBA432
                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c..................N..@......>MN.. ...`N...@.. ........................V......qV...@................................

                                      File Icon

                                      Icon Hash:00828e8e8686b000

                                      Static PE Info

                                      General

                                      Entrypoint:0x8e4d3e
                                      Entrypoint Section:.text
                                      Digitally signed:true
                                      Imagebase:0x400000
                                      Subsystem:windows gui
                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                      Time Stamp:0x6312F4FE [Sat Sep 3 06:32:30 2022 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:
                                      OS Version Major:4
                                      OS Version Minor:0
                                      File Version Major:4
                                      File Version Minor:0
                                      Subsystem Version Major:4
                                      Subsystem Version Minor:0
                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                      Authenticode Signature

                                      Signature Valid:false
                                      Signature Issuer:CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US
                                      Signature Validation Error:The digital signature of the object did not verify
                                      Error Number:-2146869232
                                      Not Before, Not After
                                      • 18/12/2019 00:00:00 18/03/2022 23:59:59
                                      Subject Chain
                                      • CN=OOO Online Center, O=OOO Online Center, L=Yaroslavl, S=Yaroslavskaya oblast, C=RU
                                      Version:3
                                      Thumbprint MD5:95999A567C579E34E3B1EB0F6DA8960B
                                      Thumbprint SHA-1:84D4F15FE2A3A0DD62D6155234B357FB4FEE1E7F
                                      Thumbprint SHA-256:DF6C50FE1ACD547E193A72F4EE9B6DCA159887D75C016B39EDC74A94753F02FE
                                      Serial:4A8BFBC6856335F074DA2A5A86A03AE0

                                      Entrypoint Preview

                                      Instruction
                                      jmp dword ptr [00402000h]
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al

                                      Data Directories

                                      NameVirtual AddressVirtual Size Is in Section
                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x4e4cec0x4f.text
                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x4e60000x83d96.rsrc
                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x5670000x1d28.rsrc
                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x56a0000xc.reloc
                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                      Sections

                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                      .text0x20000x4e2d440x4e2e00unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      .rsrc0x4e60000x83d960x83e00False0.9686833530805687data7.95381200780698IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .reloc0x56a0000xc0x200False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                      Resources

                                      NameRVASizeTypeLanguageCountry
                                      PNG0x4e67800x5f25dPNG image data, 458 x 932, 8-bit/color RGBA, non-interlaced
                                      PNG0x5459e00x299PNG image data, 130 x 44, 8-bit/color RGBA, non-interlaced
                                      PNG0x545c7c0x332PNG image data, 130 x 44, 8-bit/color RGBA, non-interlaced
                                      PNG0x545fb00x300PNG image data, 130 x 44, 8-bit/color RGBA, non-interlaced
                                      PNG0x5462b00x3b0PNG image data, 130 x 44, 8-bit/color RGBA, non-interlaced
                                      PNG0x5466600x1ad8PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced
                                      PNG0x5481380x312bPNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                      PNG0x54b2640x47aPNG image data, 130 x 44, 8-bit/color RGBA, non-interlaced
                                      PNG0x54b6e00x516PNG image data, 130 x 44, 8-bit/color RGBA, non-interlaced
                                      PNG0x54bbf80x336PNG image data, 110 x 14, 8-bit/color RGBA, non-interlaced
                                      PNG0x54bf300x363PNG image data, 110 x 14, 8-bit/color RGBA, non-interlaced
                                      PNG0x54c2940x1230PNG image data, 450 x 48, 8-bit/color RGBA, non-interlaced
                                      PNG0x54d4c40x1134PNG image data, 450 x 48, 8-bit/color RGBA, non-interlaced
                                      PNG0x54e5f80x16776PNG image data, 158 x 629, 8-bit/color RGBA, non-interlaced
                                      RT_DIALOG0x564d700xfedata
                                      RT_STRING0x564e700xe2data
                                      RT_STRING0x564f540x21cdata
                                      RT_STRING0x5651700x220data
                                      RT_STRING0x5653900x236data
                                      RT_STRING0x5655c80xe6dataChineseTaiwan
                                      RT_STRING0x5656b00x212dataEnglishUnited States
                                      RT_STRING0x5658c40x234dataItalianItaly
                                      RT_STRING0x565af80x146dataJapaneseJapan
                                      RT_STRING0x565c400x11cdataKoreanNorth Korea
                                      RT_STRING0x565c400x11cdataKoreanSouth Korea
                                      RT_STRING0x565d5c0x1e8dataPortugueseBrazil
                                      RT_STRING0x565f440x1d0data
                                      RT_STRING0x5661140x4a0data
                                      RT_STRING0x5665b40x406data
                                      RT_STRING0x5669bc0x47cdata
                                      RT_STRING0x566e380x1bcdataChineseTaiwan
                                      RT_STRING0x566ff40x3bcdataEnglishUnited States
                                      RT_STRING0x5673b00x46edataItalianItaly
                                      RT_STRING0x5678200x236dataJapaneseJapan
                                      RT_STRING0x567a580x266dataKoreanNorth Korea
                                      RT_STRING0x567a580x266dataKoreanSouth Korea
                                      RT_STRING0x567cc00x454dataPortugueseBrazil
                                      RT_STRING0x5681140x176data
                                      RT_STRING0x56828c0x30cdata
                                      RT_STRING0x5685980x2bedata
                                      RT_STRING0x5688580x32adata
                                      RT_STRING0x568b840x164dataChineseTaiwan
                                      RT_STRING0x568ce80x29cdataEnglishUnited States
                                      RT_STRING0x568f840x27ePGP encrypted dataItalianItaly
                                      RT_STRING0x5692040x1b8dataJapaneseJapan
                                      RT_STRING0x5693bc0x1c0dataKoreanNorth Korea
                                      RT_STRING0x5693bc0x1c0dataKoreanSouth Korea
                                      RT_STRING0x56957c0x29aDyalog APL aplcore version 80.0PortugueseBrazil
                                      RT_STRING0x5698180x2edataEnglishUnited States
                                      RT_STRING0x5698480x22dataEnglishUnited States
                                      RT_ACCELERATOR0x56986c0x8data
                                      RT_VERSION0x5698740x338data
                                      RT_MANIFEST0x569bac0x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                      Imports

                                      DLLImport
                                      mscoree.dll_CorExeMain

                                      Possible Origin

                                      Language of compilation systemCountry where language is spokenMap
                                      ChineseTaiwan
                                      EnglishUnited States
                                      ItalianItaly
                                      JapaneseJapan
                                      KoreanNorth Korea
                                      KoreanSouth Korea
                                      PortugueseBrazil

                                      Network Behavior

                                      Snort IDS Alerts

                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                      192.168.11.20195.54.170.15749813165252850286 09/04/22-20:22:53.118164TCP2850286ETPRO TROJAN Redline Stealer TCP CnC Activity4981316525192.168.11.20195.54.170.157
                                      195.54.170.157192.168.11.2016525498132850353 09/04/22-20:22:08.231498TCP2850353ETPRO MALWARE Redline Stealer TCP CnC - Id1Response1652549813195.54.170.157192.168.11.20
                                      192.168.11.20195.54.170.15749813165252850027 09/04/22-20:22:06.110556TCP2850027ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init4981316525192.168.11.20195.54.170.157

                                      Network Port Distribution

                                      TCP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Sep 4, 2022 20:22:05.595834970 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:05.654608965 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:05.654795885 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:06.110555887 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:06.169981003 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:06.215023994 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:08.170969963 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:08.231498003 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:08.277064085 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:16.187885046 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:16.248085976 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:16.248163939 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:16.248225927 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:16.248562098 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:24.111885071 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:24.398518085 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:24.710968971 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:24.772677898 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:24.820288897 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:24.884890079 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:24.979518890 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:24.979923010 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:25.074115038 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:25.074470997 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:25.133780956 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:25.133847952 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:25.382709026 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:25.441303015 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:25.441591024 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:25.500010014 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:25.500948906 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:25.554457903 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:30.634270906 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:30.732106924 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:30.732323885 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:30.791397095 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:30.791620970 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:30.851747036 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:30.851967096 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:30.852037907 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:30.911531925 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:30.911845922 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:30.971133947 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:30.971502066 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.031599998 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.031840086 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.037708044 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.090709925 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.097110033 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.097443104 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.156655073 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.156878948 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.216111898 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.216345072 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.275702953 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.276339054 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.313394070 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.313708067 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.336141109 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.336517096 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.395916939 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.395982981 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.396136999 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.396213055 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.455328941 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.455394983 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.455701113 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.455807924 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.514713049 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.515058041 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.552648067 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.552870989 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.574383974 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.574446917 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.574774027 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.633379936 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.633429050 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.633682013 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.633742094 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.692684889 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.692744017 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.692780972 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.692982912 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.693048954 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.752443075 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.752513885 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.752674103 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.752762079 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.812038898 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.812087059 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.812292099 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.812417030 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.871393919 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.871452093 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.871618986 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.871714115 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.931169033 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.931236029 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.931278944 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.931425095 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.931520939 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.931540966 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.990369081 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.990432978 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.990531921 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:31.990633965 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:31.990855932 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.028259993 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.028613091 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.050674915 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.050945044 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.087734938 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.088109970 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.111382008 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.111448050 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.111893892 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.147492886 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.147716999 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.147794008 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.171217918 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.171274900 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.171467066 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.206861019 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.208189011 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.230288982 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.230494976 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.266299963 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.266484976 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.266505957 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.289324045 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.289515972 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.289563894 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.325333118 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.325380087 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.325592995 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.348351002 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.348647118 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.384210110 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.384401083 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.407702923 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.407881021 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.443972111 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.444194078 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.467797041 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.468033075 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.527298927 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.527563095 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.587002993 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.587275028 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.587332010 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.646369934 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.646420956 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.646595001 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.646645069 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.646658897 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.705779076 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.705825090 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.705997944 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.742816925 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.742950916 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.765547991 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.765782118 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.802385092 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.802628994 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.824819088 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.825038910 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.884407043 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.884464025 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.884604931 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.884675026 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.943545103 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.943598986 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.943654060 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:32.943722010 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.943840981 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.943862915 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:32.944015980 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.002175093 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.002243042 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.002276897 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.002362013 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.002522945 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.002572060 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.062422037 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.062819958 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.122267008 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.122329950 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.122633934 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.181616068 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.181840897 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.181914091 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.241131067 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.241400957 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.278208971 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.278426886 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.299916029 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.300168991 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.336659908 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.336920023 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.357414961 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.357614994 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.394166946 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.394391060 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.416491985 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.416821003 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.453423977 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.453691006 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.476052046 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.476408958 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.512284040 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.512655973 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.535192966 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.535412073 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.571569920 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.571861029 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.594213963 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.594405890 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.630530119 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.630722046 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.653054953 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.653278112 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.653326035 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.690196037 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.690368891 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.712677956 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.712749958 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.712807894 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.712909937 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.712968111 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.713022947 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.749543905 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.749849081 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.772094011 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.772152901 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.772496939 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.809073925 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.809299946 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.831767082 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.831834078 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.832003117 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.867995977 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.868350983 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.890393972 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.890450001 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.890645027 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.927001953 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.927202940 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.949521065 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.949568033 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:33.949784040 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.958964109 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:33.985874891 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.008877039 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.008934975 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.017937899 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.018162012 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.077518940 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.077914953 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.114940882 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.115211010 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.136392117 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.136637926 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.195235014 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.195610046 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.233242035 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.233468056 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.254224062 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.254451036 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.313391924 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.313741922 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.351407051 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.351766109 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.372560024 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.372931957 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.431977034 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.432043076 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.432373047 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.491163015 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.491225004 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.491437912 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.491485119 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.549884081 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.549896955 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.550091982 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.550139904 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.587393045 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.587685108 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.608851910 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.608896971 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.609225988 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.609247923 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.646110058 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.646501064 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.667819977 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.667865992 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.668049097 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.704592943 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.704843044 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.726934910 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.726984978 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.727018118 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.727049112 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.727237940 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.727313995 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.763626099 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.763663054 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.764031887 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.785729885 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.785785913 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.785924911 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.822633982 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.822710037 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.822789907 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.822899103 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.844304085 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.844358921 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.844544888 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.844679117 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.881278992 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.881334066 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.881494999 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.881567001 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.902589083 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.902662039 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.902831078 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.902961969 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.940109015 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.940167904 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.940304995 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.961448908 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.961553097 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.961690903 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.961822987 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.999439955 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.999506950 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:34.999649048 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:34.999722004 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.005619049 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.020132065 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.020212889 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.058561087 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.058614969 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.064161062 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.064421892 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.123706102 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.123713970 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.123955965 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.124005079 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.183089972 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.183291912 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.183334112 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.242460966 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.242542028 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.243185997 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.243240118 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.301974058 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.302021027 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.302197933 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.302253008 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.360624075 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.360796928 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.360872984 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.398181915 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.398452997 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.419677973 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.419891119 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.457107067 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.457329988 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.478813887 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.478971958 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.479033947 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.516155005 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.516376972 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.538018942 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.538269043 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.575663090 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.575848103 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.596802950 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.596992016 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.634531975 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.634731054 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.634784937 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.654638052 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.654823065 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.654872894 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.691775084 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.691883087 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.692411900 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.712121964 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.712430954 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.749607086 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.749799967 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.771354914 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.771569014 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.808279037 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.808502913 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.830600977 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.830800056 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.867079973 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.867338896 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.889825106 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.890033960 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.926038027 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.926352024 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.949094057 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.949404001 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.949486971 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:35.984941959 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:35.985318899 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.008431911 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.008812904 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.044656992 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.045013905 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.067728996 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.067794085 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.068075895 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.068176985 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.127087116 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.127151012 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.127194881 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.127409935 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.127509117 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.186691999 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.186758041 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.187077999 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.224333048 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.224581003 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.245973110 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.246040106 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.246073961 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.246104956 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.246150970 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.246185064 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.246225119 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.246237993 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.246376991 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.283432961 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.283669949 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.304892063 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.304949999 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.304991007 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.305107117 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.305241108 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.342761993 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.342978954 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.364392996 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.364460945 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.364861012 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.423198938 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.423264980 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.423624039 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.460758924 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.461117983 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.481681108 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.481777906 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.481947899 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.482069016 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.520657063 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.521116018 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.541207075 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.541279078 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.541476965 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.541605949 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.580365896 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.580431938 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.580615044 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.580682993 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.600622892 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.600697041 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.600948095 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.639906883 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.640176058 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.659495115 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.659657955 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.659710884 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.697051048 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.697259903 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.718513012 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.718899965 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.756129026 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.756469011 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.777389050 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.777690887 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.814765930 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.814812899 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.815022945 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.815176010 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.815201044 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.836122036 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.836370945 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.872864008 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.872915983 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.873228073 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.894659996 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.894882917 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.932174921 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.932442904 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.953385115 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.954061985 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:36.990164995 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:36.990652084 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.012680054 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.013041973 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.072079897 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.072146893 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.072310925 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.130933046 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.130999088 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.131150961 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.131223917 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.190912962 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.190977097 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.191135883 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.250041962 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.250108004 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.250411987 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.308684111 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.308749914 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.308912039 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.367846966 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.367893934 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.368053913 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.368113995 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.380100012 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.427011013 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.427061081 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.438776970 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.438970089 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.439047098 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.497759104 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.498178959 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.556616068 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.556880951 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.594578028 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.594861031 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.614749908 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.614984989 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.673683882 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.674021959 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.711762905 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.712229967 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.732836962 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.733098030 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.789596081 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.789663076 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.789865971 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.846642971 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.846708059 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.847018003 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.903647900 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.903712988 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.903930902 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.962951899 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.962999105 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:37.963304043 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:37.963387966 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.022579908 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.022629976 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.022665024 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.022900105 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.022950888 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.022964954 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.080979109 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.081048012 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.081082106 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.081176043 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.081289053 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.081312895 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.138089895 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.138135910 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.138655901 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.175416946 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.175614119 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.196607113 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.196871996 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.255609035 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.255655050 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.255866051 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.292654037 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.292987108 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.313771009 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.313831091 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.313976049 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.314670086 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.372209072 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.372253895 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.372477055 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.373069048 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.373321056 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.430032969 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.430077076 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.430238008 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.430315018 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.431045055 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.431365967 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.487473965 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.487649918 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.487699986 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.487776995 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.488006115 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.488472939 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.489243031 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.526145935 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.526428938 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.545105934 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.545200109 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.545770884 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.546567917 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.546773911 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.546819925 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.604391098 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.604456902 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.604490995 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.604521990 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.604685068 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.604752064 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.605050087 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.605099916 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.605298996 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.605424881 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.662117958 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.662190914 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.662200928 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.662348032 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.662398100 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.662714005 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.662905931 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.663083076 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.717484951 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.717588902 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.717690945 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.717762947 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.718415022 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.754592896 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.754909039 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.776242018 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.776545048 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.776796103 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.777041912 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.814069986 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.814311981 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.836097002 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.836148024 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.836321115 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.873506069 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.873857021 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.895632982 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.895697117 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.895740032 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.895900965 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.896013021 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.932343006 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.932409048 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.932769060 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.952361107 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.952428102 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.952472925 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.952786922 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.952893019 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:38.989106894 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:38.989458084 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.006813049 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.006876945 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.007235050 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.064393997 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.064450026 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.064618111 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.064711094 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.102153063 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.102601051 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.123137951 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.123186111 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.123394966 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.123456001 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.181993961 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.182063103 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.182096004 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.182127953 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.182179928 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.182248116 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.182262897 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.182293892 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.241137028 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.241194010 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.241314888 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.241575956 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.241626978 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.300249100 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.300401926 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.300884962 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.300931931 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.301211119 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.301256895 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.358999014 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.359343052 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.359812021 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.359858990 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.360014915 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.419627905 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.419677973 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.419816017 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.426609039 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.478291035 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.478358030 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.484816074 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.485079050 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.485205889 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.543853998 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.543919086 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.543963909 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.544254065 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.602871895 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.603231907 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.640285015 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.640548944 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.662004948 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.662296057 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.719988108 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.720288992 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.757607937 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.757972002 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.779167891 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.779473066 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.839071989 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.839462996 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.875780106 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.876133919 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.936937094 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.937156916 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.998739958 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:39.999118090 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:39.999238014 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.063114882 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.063185930 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.063519955 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.100406885 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.100760937 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.125751019 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.126307964 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.126422882 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.189996004 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.190082073 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.190242052 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.253645897 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.253684044 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.253695011 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.253870010 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.253917933 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.253926992 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.316917896 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.316968918 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.317245007 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.354279041 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.354614019 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.380472898 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.380808115 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.418085098 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.418607950 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.418710947 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.444325924 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.444612980 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.444693089 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.482441902 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.482566118 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.482769012 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.508122921 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.508474112 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.545953989 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.546359062 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.571899891 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.572244883 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.572340965 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.609921932 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.610277891 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.636107922 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.636173010 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.636521101 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.636621952 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.674277067 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.674591064 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.700700998 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.700938940 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.737929106 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.738127947 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.764431953 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.764806032 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.801348925 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.802117109 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.829160929 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.829358101 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.865576029 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.865850925 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.893277884 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.893578053 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.893637896 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.928971052 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.929234028 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.956309080 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.956515074 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:40.990689039 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:40.990906000 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.018289089 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.018526077 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.053905010 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.054106951 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.081695080 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.082278967 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.113277912 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.113481998 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.140959024 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.141176939 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.170845032 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.171108007 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.198784113 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.199068069 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.228312016 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.228498936 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.256867886 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.257046938 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.257117033 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.286324978 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.286523104 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.315465927 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.315675020 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.345088959 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.345292091 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.373660088 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.373708963 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.373836040 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.373910904 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.430721998 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.430778980 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.430912018 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.430927038 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.430979013 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.431205988 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.431411982 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.488873005 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.488959074 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.488995075 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.489132881 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.489295959 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.547066927 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.547116995 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.547399044 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.547485113 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.584539890 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.584796906 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.606328964 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.606376886 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.606983900 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.643220901 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.643448114 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.665836096 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.665900946 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.666141987 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.666210890 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.702487946 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.702810049 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.724751949 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.761303902 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.761615992 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.820373058 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.820590973 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.820652962 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.877269983 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.877336025 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.877942085 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:41.936878920 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:41.937091112 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.035402060 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.094305992 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.094922066 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.153870106 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.153944016 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.154174089 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.154284954 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.212415934 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.212485075 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.212649107 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.270104885 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.270608902 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.307399035 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.307735920 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.328236103 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.328511000 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.387609959 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.387984037 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.425618887 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.425867081 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.446959019 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.447320938 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.484920025 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.485271931 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.506396055 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.506664991 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.506751060 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.544444084 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.544639111 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.565839052 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.565886021 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.566323996 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.602104902 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.602336884 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.624993086 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.625380039 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.661957979 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.662180901 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.684667110 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.685025930 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.721514940 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.721905947 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.744039059 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.744422913 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.780951023 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.781172037 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.803800106 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.804023981 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.840056896 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.840424061 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.862976074 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.863327980 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.863440037 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.900223017 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.900444984 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.922672987 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.923031092 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.959248066 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.959831953 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:42.981657028 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:42.982002020 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.018233061 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.018601894 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.039362907 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.039429903 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.039623976 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.039752007 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.075474024 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.075817108 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.075937033 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.098068953 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.098124027 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.098289967 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.134828091 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.135117054 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.157052040 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.157124996 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.157157898 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.157239914 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.157313108 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.157974958 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.194113970 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.194163084 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.194195986 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.194300890 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.194365025 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.215904951 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.215964079 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.216255903 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.216486931 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.216738939 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.253810883 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.254179955 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.275840998 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.275906086 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.276257992 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.335467100 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.335532904 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.335849047 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.372829914 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.373286009 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.395200014 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.395257950 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.395812035 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.432488918 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.432733059 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.455132008 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.455195904 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.455508947 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.491965055 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.492214918 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.514925957 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.514990091 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.515582085 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.551482916 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.551733017 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.574300051 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.574357986 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.574584961 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.574707031 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.610249996 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.610642910 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.633487940 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.633548021 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.633590937 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.633687019 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.633776903 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.633826971 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.634002924 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.670216084 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.670505047 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.692030907 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.692190886 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.692262888 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.692358017 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.692478895 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.692750931 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.728818893 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.729053974 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.729103088 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.750569105 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.750632048 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.750762939 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.750782967 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.750833035 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.751092911 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.751262903 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.786865950 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.787144899 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.809021950 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.809056044 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.809189081 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.809212923 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.809257984 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.809371948 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.809550047 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.845622063 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.845671892 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.846225023 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.867872000 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.867929935 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.867970943 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.868083954 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.868180990 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.904987097 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.905031919 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.905185938 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.926953077 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.926999092 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.927083015 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.927150965 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.927313089 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.927576065 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.964313030 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.964359045 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.964392900 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.964575052 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.964647055 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.964689970 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:43.985985041 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.986082077 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:43.986253977 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.023452997 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.023519039 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.023555040 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.023586035 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.023742914 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.023802042 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.044872046 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.045089960 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.082674980 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.082720041 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.082952023 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.083040953 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.104146957 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.104372025 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.141947031 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.142019987 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.142054081 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.142101049 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.142164946 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.142211914 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.142393112 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.163563967 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.163860083 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.201422930 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.201469898 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.201503992 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.201534033 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.201564074 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.201595068 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.201606989 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.201673031 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.201745033 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.201919079 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.222683907 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.223402977 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.260283947 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.260360003 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.260366917 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.260596037 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.260648012 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.260693073 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.260853052 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.319238901 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.319268942 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.319432020 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.319463968 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.357026100 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.357215881 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.378346920 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.378606081 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.416548014 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.416814089 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.437522888 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.437570095 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.437757969 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.475538015 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.475755930 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.475811005 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.496812105 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.534626961 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.534674883 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.534879923 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.593002081 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.593180895 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.593193054 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.651110888 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.651413918 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.690632105 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.690880060 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.710021019 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.710350990 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.710454941 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.768611908 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.768656969 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.768779993 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.768853903 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.827812910 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.827858925 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.828039885 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.828107119 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.886312008 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.886357069 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.886516094 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.924531937 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.924949884 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:44.944989920 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.945048094 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:44.945384026 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.004434109 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.004503965 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.004702091 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.041821003 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.042180061 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.063541889 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.063606977 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.063767910 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.063867092 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.101062059 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.101422071 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.122778893 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.122845888 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.123150110 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.123284101 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.160594940 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.160819054 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.182126999 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.182183981 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.182368040 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.220033884 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.220098972 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.220407963 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.241647959 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.241707087 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.241995096 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.279846907 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.279913902 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.280066013 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.301347017 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.301414967 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.301457882 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.301614046 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.301707983 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.301728010 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.338849068 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.360312939 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.360342979 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.360363960 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.360548973 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.360600948 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.398051977 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.398366928 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.419507027 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.419550896 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.419775963 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.478598118 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.478646994 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.478679895 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.478873014 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.478950024 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.537766933 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.537826061 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.537863016 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.538000107 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.538095951 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.596641064 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.596683979 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.596736908 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.596904993 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.596980095 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.634315014 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.634562969 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.656295061 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.656352997 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.656394005 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.656708956 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.693948030 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.694307089 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.716141939 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.716206074 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.716248989 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.716289997 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.716330051 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.716346025 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.716371059 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.716447115 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.716494083 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.716671944 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.753746033 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.753968954 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.775420904 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.775485039 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.775527954 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.775738955 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.775834084 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.812386036 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.812731981 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.834826946 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.834893942 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.835057020 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.835151911 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.893778086 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.893834114 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.894115925 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.930383921 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.930620909 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:45.952425957 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.952495098 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:45.952662945 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:46.012032986 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:46.012080908 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:46.012113094 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:46.012309074 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:46.012367010 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:46.012379885 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:46.071206093 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:46.071232080 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:46.071249008 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:46.071543932 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:46.130637884 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:46.130713940 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:46.131275892 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:46.189254999 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:46.189474106 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:46.252002001 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:46.299974918 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:46.663315058 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:46.723402023 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:46.768639088 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:46.783296108 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:46.842494965 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:46.893529892 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:46.937580109 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:46.996455908 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:47.049753904 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:47.247618914 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:47.306828976 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:47.345310926 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:47.403654099 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:47.445102930 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:47.703723907 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:47.703866959 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:47.752830029 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:47.812479019 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:47.859826088 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:47.919173002 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:47.920991898 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:47.979995966 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:47.981035948 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:48.039237022 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:48.058422089 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:48.117507935 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:48.118551970 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:48.177728891 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:48.221447945 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:48.227400064 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:48.286190987 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:48.330743074 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:49.918737888 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:49.977596998 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:49.987298012 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:50.045866013 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:50.095973969 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:52.999743938 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:52.999851942 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:53.056910992 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:53.056977987 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:53.057009935 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:53.057327986 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:53.057391882 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:53.058365107 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:53.058789968 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:53.117352009 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:53.118164062 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:53.177675009 CEST1652549813195.54.170.157192.168.11.20
                                      Sep 4, 2022 20:22:53.220319986 CEST4981316525192.168.11.20195.54.170.157
                                      Sep 4, 2022 20:22:53.332705021 CEST4981316525192.168.11.20195.54.170.157

                                      Statistics

                                      CPU Usage

                                      Click to jump to process

                                      Memory Usage

                                      Click to jump to process

                                      High Level Behavior Distribution

                                      Click to dive into process behavior distribution

                                      Behavior

                                      Click to jump to process

                                      System Behavior

                                      General

                                      Target ID:2
                                      Start time:20:19:46
                                      Start date:04/09/2022
                                      Path:C:\Users\user\Desktop\file.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\file.exe"
                                      Imagebase:0xac0000
                                      File size:5672232 bytes
                                      MD5 hash:DC355E77931F3A3480C2B786E245F8F9
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:.Net C# or VB.NET
                                      Reputation:low

                                      General

                                      Target ID:11
                                      Start time:20:21:43
                                      Start date:04/09/2022
                                      Path:C:\Users\user\Desktop\file.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Users\user\Desktop\file.exe
                                      Imagebase:0x60000
                                      File size:5672232 bytes
                                      MD5 hash:DC355E77931F3A3480C2B786E245F8F9
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low

                                      General

                                      Target ID:12
                                      Start time:20:21:44
                                      Start date:04/09/2022
                                      Path:C:\Users\user\Desktop\file.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Users\user\Desktop\file.exe
                                      Imagebase:0x570000
                                      File size:5672232 bytes
                                      MD5 hash:DC355E77931F3A3480C2B786E245F8F9
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:.Net C# or VB.NET
                                      Yara matches:
                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000C.00000000.151021654989.0000000000402000.00000004.00000400.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: 0000000C.00000000.151021654989.0000000000402000.00000004.00000400.00020000.00000000.sdmp, Author: unknown
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.151694920742.0000000002FF2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000C.00000002.151694920742.0000000002FF2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:low

                                      Disassembly

                                      Reset < >

                                        Executed Functions

                                        Function 015D2F70 Relevance: 1.1, Instructions: 1055COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 40ec8b8c2aa05e02485fe55b00d679401dfbf68587405db90ae9b4df30bae11b
                                        • Instruction ID: 4e17f901c9c2bc5268d70096edc66a6324aa24b6980c1047ac682b99c354c109
                                        • Opcode Fuzzy Hash: 40ec8b8c2aa05e02485fe55b00d679401dfbf68587405db90ae9b4df30bae11b
                                        • Instruction Fuzzy Hash: E5829970B002158FDB68DF79C8546AEBBF6BF89204F148469E406DB355EB34DD42CB92
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D86C0 Relevance: .4, Instructions: 387COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9a0970816f9b70d6184963d1825ea501b8a810bd673819d34c050f295a081a66
                                        • Instruction ID: 4f81388dac1f49912e5e25e9684e0a865414fd16050589f423bbd32842898a07
                                        • Opcode Fuzzy Hash: 9a0970816f9b70d6184963d1825ea501b8a810bd673819d34c050f295a081a66
                                        • Instruction Fuzzy Hash: 79E1B270A04266CBCB25CF79C4502ADFBF2BF85300B15CA6AE485EF241E774DA85CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D7170 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: KDBM$nKl
                                        • API String ID: 0-941456152
                                        • Opcode ID: d3706b8adfe1a87eabb34c55abcfebbe2d7097e02207d627df120b995cf8ff20
                                        • Instruction ID: c618c1b68bca075edb92cb939926d99c30f42fdf362b587c3c8d4dc430897cb5
                                        • Opcode Fuzzy Hash: d3706b8adfe1a87eabb34c55abcfebbe2d7097e02207d627df120b995cf8ff20
                                        • Instruction Fuzzy Hash: 8D51E4357002156FDB19EFA89C10AAFBBABEFD8214F14842DEA15DB394DF319D0187A1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D7160 Relevance: 2.6, Strings: 2, Instructions: 78COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: KDBM$nKl
                                        • API String ID: 0-941456152
                                        • Opcode ID: e9d3e9d65251116e9235cda6ab2120b4b5839e3e0b4d1a57f344ac652f89d16b
                                        • Instruction ID: dfc1cfb6087a572bc3a24203e005aac163b885735e655835a3c05371d19af564
                                        • Opcode Fuzzy Hash: e9d3e9d65251116e9235cda6ab2120b4b5839e3e0b4d1a57f344ac652f89d16b
                                        • Instruction Fuzzy Hash: CD21F531B002156FDB15DBB48820BAFBBABEBD8308F158429E505DB394CF758C0187A1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01178BC0 Relevance: 2.0, Instructions: 1980COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3e387a712e7a954d6649a5acc79839262a4ea3fc0016dd195733be1e0c480274
                                        • Instruction ID: 3a4e5bb94b34fca71390cfe082c2e93f1cd8890ab467c8540c194abe5cf30684
                                        • Opcode Fuzzy Hash: 3e387a712e7a954d6649a5acc79839262a4ea3fc0016dd195733be1e0c480274
                                        • Instruction Fuzzy Hash: 64233038A02248DFDF6A6FA0E52895DB772FB4A346B10847FDD0256754CB7A8C56EF00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01178BD0 Relevance: 2.0, Instructions: 1978COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 863ce05522311aaaa15e1aadc1194d593f399dd376bb10040bb12671b8cc7a1e
                                        • Instruction ID: 712b8589b98587bf72bd6b38592fc3def9c56543d192ead28621f4142246e715
                                        • Opcode Fuzzy Hash: 863ce05522311aaaa15e1aadc1194d593f399dd376bb10040bb12671b8cc7a1e
                                        • Instruction Fuzzy Hash: 73233038A02248DFDF6A6FA0E52895DB772FB4A346B10847FDD0256754CB7A8C56EF00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D4378 Relevance: 1.9, Strings: 1, Instructions: 611COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: d
                                        • API String ID: 0-2564639436
                                        • Opcode ID: 95ead062639953eadaaca940739202b91062ae565d3bce6d2fa397d40b0b0c32
                                        • Instruction ID: 6a4f9f5397cfec2da1a52a0f3f26d792c03577d14f1c30c7e968f8b705ae53cd
                                        • Opcode Fuzzy Hash: 95ead062639953eadaaca940739202b91062ae565d3bce6d2fa397d40b0b0c32
                                        • Instruction Fuzzy Hash: A742FB75A00219DFDB24CFA8C884A9DF7B2FF84314F258659E459AB656C770ED82CF80
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01170CD0 Relevance: .4, Instructions: 377COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b44e83da8836ae2b588db6f2e014480d00aeddf2013a9590945caa3a4635915f
                                        • Instruction ID: 1080f86ca539af6130ad8433897565f57c9945f5a4bd28824ac0fc686e8c244c
                                        • Opcode Fuzzy Hash: b44e83da8836ae2b588db6f2e014480d00aeddf2013a9590945caa3a4635915f
                                        • Instruction Fuzzy Hash: 03E18B31600215AFDF2A9FA4C954EADBBB2FF4C310F0680A8E6199B275DB31D991DF41
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01170CC0 Relevance: .4, Instructions: 350COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 211fd0f6b2965d7aeeb77f20e3c7202039f0ed70d932b88ecf8f1d4e4d0f6bb9
                                        • Instruction ID: 539935d74fff98f9a9cb2202372159706817ac25fa6ecf631a7429f9b4784485
                                        • Opcode Fuzzy Hash: 211fd0f6b2965d7aeeb77f20e3c7202039f0ed70d932b88ecf8f1d4e4d0f6bb9
                                        • Instruction Fuzzy Hash: A5D17C31600215EFDF2A9FA5C944E997BB2FF4C310F0685A8E6099B276DB31D9A0DF40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117F038 Relevance: .3, Instructions: 349COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c0a83ead3bd9c0ac4e935384fb680a617efcb4a5c8f7e3cac7cf067976a72887
                                        • Instruction ID: 78f1bcda2e22487c8c36e368e8803bc70554c8898327f72ff84e8c887e278492
                                        • Opcode Fuzzy Hash: c0a83ead3bd9c0ac4e935384fb680a617efcb4a5c8f7e3cac7cf067976a72887
                                        • Instruction Fuzzy Hash: 68E13E34A00316DFCB18DFA9D594A9EBBB2FF88314F148869E5169B355DB30ED42CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D6151 Relevance: .2, Instructions: 225COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 391ec8bf6205c33da45f97225484b6ea1bb0d5353140ae285b95cbddfcdd7ac5
                                        • Instruction ID: bc1793e74f9c82bd080e0c3aa9ca022de622250229b88f0da405fec561233808
                                        • Opcode Fuzzy Hash: 391ec8bf6205c33da45f97225484b6ea1bb0d5353140ae285b95cbddfcdd7ac5
                                        • Instruction Fuzzy Hash: 0471B131F002199FDB25EFA8C850AEEBBF6BF89314F144529D515AB384DF349E028B91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D8B30 Relevance: .2, Instructions: 224COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 83b02e5aa410eff9a4842e646bb628dea48c00bb6766284e51826c002a7ca24a
                                        • Instruction ID: fd485905a72a8d305b6f47702da7a0387b235e5c486f49dc1cbcdf6369dd7a05
                                        • Opcode Fuzzy Hash: 83b02e5aa410eff9a4842e646bb628dea48c00bb6766284e51826c002a7ca24a
                                        • Instruction Fuzzy Hash: 5371F031B103159FCB18EB78C461AAEBBE6AFC4214B14482DE402DF354EF70AE468B91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D8B60 Relevance: .2, Instructions: 210COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c91e401aef3d789713fce8303da7904195cee180e9640ef56a706cc2fe255a66
                                        • Instruction ID: e79937eba9aa9eafed5e65f34b9b4a257977c5acf73a4c31af247c96af3188ac
                                        • Opcode Fuzzy Hash: c91e401aef3d789713fce8303da7904195cee180e9640ef56a706cc2fe255a66
                                        • Instruction Fuzzy Hash: 7971AE30B003198BDB28EB68C4616AEBBE6FF84214F54482CD5069F354EF71AD468B91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D4DE0 Relevance: .2, Instructions: 200COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bf7a6f0ddbce1f10050d3178f2473cd379fea897270318a4acf392db8fabf76e
                                        • Instruction ID: 3a987332641881001d69879be0f357d65792069f148a5ecb676b653addfb0802
                                        • Opcode Fuzzy Hash: bf7a6f0ddbce1f10050d3178f2473cd379fea897270318a4acf392db8fabf76e
                                        • Instruction Fuzzy Hash: E871B231B00211AFDB15DB68C440EAEBBB6FF88314F258568D5159F395DB32EC42CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117F008 Relevance: .2, Instructions: 198COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e1a9a8c93d1d225e7ea0241f6a549ff52d76da355e82b3ba0cb189d207006f90
                                        • Instruction ID: 03215dd9b0e1d385f8158c52e50efe52f338b6e8a718066bceeef265b7e1e226
                                        • Opcode Fuzzy Hash: e1a9a8c93d1d225e7ea0241f6a549ff52d76da355e82b3ba0cb189d207006f90
                                        • Instruction Fuzzy Hash: DA816074A00206DFCB18DF69D494A9EBBF2FF88314B158569E415AB365DB30ED82CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D8110 Relevance: .2, Instructions: 187COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 65503f5777f13dc5831cdbb5292edf24c1587617a67228e12348930362f328a1
                                        • Instruction ID: ba1767c52ea24e2294c96ff6a5f4d8436d4f31911978481be166679833195612
                                        • Opcode Fuzzy Hash: 65503f5777f13dc5831cdbb5292edf24c1587617a67228e12348930362f328a1
                                        • Instruction Fuzzy Hash: 2B617C31F102059BDB18EBB8C45069EBBF2EF99310B558579D419AB354EF31DD41CBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D1718 Relevance: .2, Instructions: 186COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 22167b6d138ec2829d5b0608d80fb3a7baf6f04c50076d3cd1448cd8b945d839
                                        • Instruction ID: ab42188b92c9ba645b3ece8b82604d7abeec6822a74e07b700036a9be09d617e
                                        • Opcode Fuzzy Hash: 22167b6d138ec2829d5b0608d80fb3a7baf6f04c50076d3cd1448cd8b945d839
                                        • Instruction Fuzzy Hash: 5C51D434B002158BDB25EBBC94606BE76E7EBC4658B15447DD906DB385EF35CC02C791
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D8FD8 Relevance: .2, Instructions: 184COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 72aabc704b9773515f161a1da33b2b0adce9e820dc02c8ccb0234838d15709b3
                                        • Instruction ID: b5ee0f57aa41a64691cf342ec5a95efa77a88a0665a21c2a3affe3e612e948c3
                                        • Opcode Fuzzy Hash: 72aabc704b9773515f161a1da33b2b0adce9e820dc02c8ccb0234838d15709b3
                                        • Instruction Fuzzy Hash: CA61A031E103199FDB14EBB8D481B9EB7F2BF88304F608569C509AB395DB71AE41C7A1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117FD5E Relevance: .2, Instructions: 172COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3f3f6efc55050bddc1651b9e895dff4bdb9c810fddb86109a33d2a83cb796482
                                        • Instruction ID: f4fe151e3f2c7fef794e507dc71ffe516feca46df000e45beb19d92327e76b51
                                        • Opcode Fuzzy Hash: 3f3f6efc55050bddc1651b9e895dff4bdb9c810fddb86109a33d2a83cb796482
                                        • Instruction Fuzzy Hash: 1351AD347002159FDB09DF78C854AAE7BB6FF89210F154869EA16DB3A6DB30DD02CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D7D70 Relevance: .2, Instructions: 171COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 13271b5ef1c5abf3884927df1c02354a80877605e8c6d3537c6ec87742e532c0
                                        • Instruction ID: 6a624159f4bb243b42f08ee3721d9e10566a76db639b756ab23725cef63b3844
                                        • Opcode Fuzzy Hash: 13271b5ef1c5abf3884927df1c02354a80877605e8c6d3537c6ec87742e532c0
                                        • Instruction Fuzzy Hash: 3E519131B0031A9FDB14EBA8D490A9DBBF2FF88314F518969E405AF355EB30AD41CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D8E09 Relevance: .2, Instructions: 162COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f7db5748d1299746b3ba9963fcee6c9a29e16a27a7eeaa343cbac3306e871897
                                        • Instruction ID: 953ba4915687635086fccaab3c0e1f114fad4fdb687893f617384069bc68b111
                                        • Opcode Fuzzy Hash: f7db5748d1299746b3ba9963fcee6c9a29e16a27a7eeaa343cbac3306e871897
                                        • Instruction Fuzzy Hash: 61518E30B103168FDB28EB68C4557AEBBF6BF84318F544828D5069F394EF71AD468B91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D3FA0 Relevance: .2, Instructions: 158COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5cb53583a60e54ec2734ff7023ef523127eef484e22d0b9773468962e7436674
                                        • Instruction ID: 5795f17b2cae7a81a25c7639b669936d5bd93548ceae6e5870a9b319f4590929
                                        • Opcode Fuzzy Hash: 5cb53583a60e54ec2734ff7023ef523127eef484e22d0b9773468962e7436674
                                        • Instruction Fuzzy Hash: 22513835B042059FDB64DFB9C980BAEBBE6BF88600F158479E905EB351EA31DD018B60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01173568 Relevance: .2, Instructions: 154COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4bd256fdc7ad49f98182829e39654a4ce06726ff23cfe16589836060a0bb254f
                                        • Instruction ID: 51c394ea36f9b943f5b76b7baa173790670b352404c31c09237fa074cfbedc6a
                                        • Opcode Fuzzy Hash: 4bd256fdc7ad49f98182829e39654a4ce06726ff23cfe16589836060a0bb254f
                                        • Instruction Fuzzy Hash: 6B510330B106048FCB04FBB8D45816DBBB2FF8A315B144A59E462973D9DF30AD59CB52
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117DEC8 Relevance: .2, Instructions: 153COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 434789810e97b7355a084c7e5a4111c745561f23af0f6c33dc66ff784c10c703
                                        • Instruction ID: f40d57aa71363bbe95e577840198ab92329977f1b85163ee46f3f92921da9d3f
                                        • Opcode Fuzzy Hash: 434789810e97b7355a084c7e5a4111c745561f23af0f6c33dc66ff784c10c703
                                        • Instruction Fuzzy Hash: 59511934A01218EFDF19DFA8E894AEDBBB6FF88304F148429F902A7350DB359941DB50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D83F0 Relevance: .1, Instructions: 142COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3c473e4c4f625febed8eb6ad6d1ca90b7ab76633db811ec3ea73aa49df283218
                                        • Instruction ID: 6bb4c353ba026eb868620723d66493b94aee7bd29a4a589df265a423b082faaa
                                        • Opcode Fuzzy Hash: 3c473e4c4f625febed8eb6ad6d1ca90b7ab76633db811ec3ea73aa49df283218
                                        • Instruction Fuzzy Hash: 6A516030F102199FDB14EBB8D4916ADBBF2FFD8214F608569D505AB354DB31AD41CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117F3F9 Relevance: .1, Instructions: 140COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4f5b19a59189c0b2cdfdb0888e4f81aba87ee9f04e375d8ec58588131be3c5b1
                                        • Instruction ID: 8f997040e23fe03190c9d5e0405c3fd16158955111c8bfffe958fcd640c8069d
                                        • Opcode Fuzzy Hash: 4f5b19a59189c0b2cdfdb0888e4f81aba87ee9f04e375d8ec58588131be3c5b1
                                        • Instruction Fuzzy Hash: 9A51DD34A00209DFDB18DF94D994A9EBBB2FF48350F158464E915AB365CB31EC82CF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D0980 Relevance: .1, Instructions: 134COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9d18dd3ce80b2155725dc2c7b12f3eead5b4376661301ee6faeb48419b27a645
                                        • Instruction ID: 9f4ee75d13fab87351073d6ce9349e242efe3da2c9f776f5b26dc1f0be48ef43
                                        • Opcode Fuzzy Hash: 9d18dd3ce80b2155725dc2c7b12f3eead5b4376661301ee6faeb48419b27a645
                                        • Instruction Fuzzy Hash: DC41E271B002149FCB15DB6C88507EEBBE6FBC5224F14846AE909EF389DB749D4287D1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01173578 Relevance: .1, Instructions: 130COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 56bf90334426c05e3d6c26ffe311d3b14b2a6af2c0e779e6c326726635b65b2e
                                        • Instruction ID: 54a55fd2eaebce3a0ef476ac8cb2ab1a22cc0d188fd542b14d5c01429b8e67a9
                                        • Opcode Fuzzy Hash: 56bf90334426c05e3d6c26ffe311d3b14b2a6af2c0e779e6c326726635b65b2e
                                        • Instruction Fuzzy Hash: DB41F430B106048FCB04BFB8D45816DBBB2FF8A315B504A29E422973D8DF30AD59CB62
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D6DB8 Relevance: .1, Instructions: 129COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3f6993b7d9bedbc34e180b4cd210cc7d5c89da557fd916d874488b1df2d186ba
                                        • Instruction ID: 227cedd0fe39639cf73c76b9fa4a0e6a4f3d4e22df9fd3f75d3fe9d46deda180
                                        • Opcode Fuzzy Hash: 3f6993b7d9bedbc34e180b4cd210cc7d5c89da557fd916d874488b1df2d186ba
                                        • Instruction Fuzzy Hash: E5417B1650E3D02FC703E73AA8605D63F755E8722832E85DBD4D08F1B3EA15888ED3A6
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117E3C0 Relevance: .1, Instructions: 126COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5165ad5d00e8a6c3a8e4d9d6980c6b303527742f5ae776293ab578c086a72962
                                        • Instruction ID: 9b9b62a2a04c3daec2db529e93562f5097ca18a0cc85585698a4943af0a2375d
                                        • Opcode Fuzzy Hash: 5165ad5d00e8a6c3a8e4d9d6980c6b303527742f5ae776293ab578c086a72962
                                        • Instruction Fuzzy Hash: 1E41B030B052058FC708DBA8D4647AEBBF6EF89314F1484BAE90ADB345DB359D41CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D6810 Relevance: .1, Instructions: 121COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6082089bd5785cc9fdb36a827a7c2a6fc30e908ddeda8997a62d35803a36f413
                                        • Instruction ID: 841d599037d98321d54faf36353090d90438e09ccfd5c732bc7534e60deb8782
                                        • Opcode Fuzzy Hash: 6082089bd5785cc9fdb36a827a7c2a6fc30e908ddeda8997a62d35803a36f413
                                        • Instruction Fuzzy Hash: AF418131A00219AFDB25DF54C855BEEBBBAFF89310F0084A8E919AB354DB315E45CF52
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01177EF8 Relevance: .1, Instructions: 113COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 16fb7f11ec42b6885fe42e1f820fb390d67f605acc3a8f4db969bd262229a1a5
                                        • Instruction ID: b8d9420782a09ccd86d121513f174cb4db083a56e10cf73c7cd617224b767c9c
                                        • Opcode Fuzzy Hash: 16fb7f11ec42b6885fe42e1f820fb390d67f605acc3a8f4db969bd262229a1a5
                                        • Instruction Fuzzy Hash: 6E41E3397043148FCB199BB8D12819E7BA7AFC53297248D7AE412DB391DF398C438B91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117B1D8 Relevance: .1, Instructions: 111COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b3e33db396a6caddf3e53a04e1e31335c58eb149bda30e19714a5394f99739c9
                                        • Instruction ID: 3cfe2c7a4b6c42d5bf7e78dd6dbe006e6160ac7808a4d21c42056d0a50004338
                                        • Opcode Fuzzy Hash: b3e33db396a6caddf3e53a04e1e31335c58eb149bda30e19714a5394f99739c9
                                        • Instruction Fuzzy Hash: 2F311634B082199FDB08EBB8D8297EF7BB2AF84304F104465D510EB388DF749D469B91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01172BF0 Relevance: .1, Instructions: 109COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d07e1e84faea3b227127821e768ef557b6611ffe5d08c839a587fbb9e816847f
                                        • Instruction ID: 69c45ce6222cbea5ac0207d55f199c55a79ecd705d21e9bcb360c95a404ce75d
                                        • Opcode Fuzzy Hash: d07e1e84faea3b227127821e768ef557b6611ffe5d08c839a587fbb9e816847f
                                        • Instruction Fuzzy Hash: E231A234B102109FCB48AF74945856EBBFAEFC9225710887DF81AD7348DF319D428B91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01175800 Relevance: .1, Instructions: 105COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8460865d5e7c41fc9ea4884c2a3f50be0d87f2eb68fa6513bd06859a5e39f588
                                        • Instruction ID: 636ac8b205ffd7078181d1afbf3bef678002b1761df277347a4d351a574552b9
                                        • Opcode Fuzzy Hash: 8460865d5e7c41fc9ea4884c2a3f50be0d87f2eb68fa6513bd06859a5e39f588
                                        • Instruction Fuzzy Hash: 3D418E35900209EFCB05EFA0E8689ADBFB2FF89304F144866E551A73A5D7315D15DF21
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01178569 Relevance: .1, Instructions: 101COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f539430f9e15a23582bd07c0e2e51cbd9b1395c6d3aceffcd8aafe61cad9d51c
                                        • Instruction ID: 9c9710d1cb8a8ffdb66d2a74a36833c3222b44555f911f327919c4f0b30cd5be
                                        • Opcode Fuzzy Hash: f539430f9e15a23582bd07c0e2e51cbd9b1395c6d3aceffcd8aafe61cad9d51c
                                        • Instruction Fuzzy Hash: ED3169307493914FC719A774946D1AE7FE79FC62243154CBAD446CB386EF288C078792
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D6698 Relevance: .1, Instructions: 98COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 20d03dc1ab5e68f697e5f320e2610152b8f7e8a858444ca9af4f3b13de9525a0
                                        • Instruction ID: fa74ac96ba19298d6acd3181dd2e822161ec1492037ca6b5e6c86df987a19e9f
                                        • Opcode Fuzzy Hash: 20d03dc1ab5e68f697e5f320e2610152b8f7e8a858444ca9af4f3b13de9525a0
                                        • Instruction Fuzzy Hash: 00316571E00204AFD764EFA88C51BEEBBF6EF88720F154529E529AB384D7745D018BA4
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01174F5F Relevance: .1, Instructions: 97COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c5107e0bf03298b5c3efce6d194aba4b6a6e0c9c5610bbac1d0abd3a7a4d7a6d
                                        • Instruction ID: 181a3895b902022c2cf252cb76c149c854fcac6d83a8a1f55d7f12cd936399a3
                                        • Opcode Fuzzy Hash: c5107e0bf03298b5c3efce6d194aba4b6a6e0c9c5610bbac1d0abd3a7a4d7a6d
                                        • Instruction Fuzzy Hash: 7D310B303003466FDF046BA5D895CAD7762FB897287444938D1218F769DFB12E8BCB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01178420 Relevance: .1, Instructions: 96COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fe81604f0e510a5f3ba9f1b1666c8b1a4fe538d2eb7a6347e720c69044ff50fb
                                        • Instruction ID: 6af6bca4f63737dc9e75fa5a53b70f1150bf7c8537195e4793c62b608ebd5fc6
                                        • Opcode Fuzzy Hash: fe81604f0e510a5f3ba9f1b1666c8b1a4fe538d2eb7a6347e720c69044ff50fb
                                        • Instruction Fuzzy Hash: B1315734B402048FD758DF68D4A8AAE7BF6AF88304F24086CE906DB3A4CF759C41CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01178410 Relevance: .1, Instructions: 93COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 053feef88fe0f2161877ad95942ebdf3287f8f67d375b3d18b6bef9dae3d6149
                                        • Instruction ID: 993baa10e3eebb2d87df93932c223b02b1b9e4a44a0781ff30d4f1b39fc509f2
                                        • Opcode Fuzzy Hash: 053feef88fe0f2161877ad95942ebdf3287f8f67d375b3d18b6bef9dae3d6149
                                        • Instruction Fuzzy Hash: E6312A34B402048FD758DF68D4A8BAE7BB6EB89710F24046CE906DB365CB769C46CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01177DE0 Relevance: .1, Instructions: 93COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 638a9d5e556fc30208c73c736ce4da4fe9c59056fe4da269ec54786feb06fa17
                                        • Instruction ID: e7dddb8225c2c373683e3cc64f4eca1760f8e98e44aa644e55248ebe470b1806
                                        • Opcode Fuzzy Hash: 638a9d5e556fc30208c73c736ce4da4fe9c59056fe4da269ec54786feb06fa17
                                        • Instruction Fuzzy Hash: 27310935B043558FCB196B78E5680AF7FBAEF862143144CBAE442C7345DF344C028B91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117BD47 Relevance: .1, Instructions: 92COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4aeeef1b0685f40df4f6891500b57d9b0d988c81ab3b3efa0f04c457f2a02111
                                        • Instruction ID: 4939e6b0ed0d338a0004d71c4959a5f2f7d7ba641e0a5e7a66086b26bf07f0a1
                                        • Opcode Fuzzy Hash: 4aeeef1b0685f40df4f6891500b57d9b0d988c81ab3b3efa0f04c457f2a02111
                                        • Instruction Fuzzy Hash: EC319D31D0074A8ADB10EBB9E8102C9BB71FF99324F258716E159B7201EBB0B590CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D66A8 Relevance: .1, Instructions: 90COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 67ddd360d64db94abd16cd380e33ce7679c7d137dc836bda7d5a1cf6370bd149
                                        • Instruction ID: 1cacc97986b3b690c8b3f6c35403ddaff9a2e7b998341a3904b96fa69fde15c1
                                        • Opcode Fuzzy Hash: 67ddd360d64db94abd16cd380e33ce7679c7d137dc836bda7d5a1cf6370bd149
                                        • Instruction Fuzzy Hash: AF314531F00204ABD724EFA88C51B9FBBF6EF98720F154525E529AB3C4DB7198418BA4
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117BD58 Relevance: .1, Instructions: 85COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 017a57f5cea73963bdd5d0d438cca3220fcb80d6dcb0c6a1d3b47cc6a4c914f4
                                        • Instruction ID: 6f49453e7ea6fb8b105574e0c9cc81f1ac99e4fdda7b22445b27656fe3938466
                                        • Opcode Fuzzy Hash: 017a57f5cea73963bdd5d0d438cca3220fcb80d6dcb0c6a1d3b47cc6a4c914f4
                                        • Instruction Fuzzy Hash: 59317A31D1070A8ADB10EBA9E8102C9F771BF99324F219716E65977201EBB0B5D0CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01174628 Relevance: .1, Instructions: 83COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d570f8e996c7578089b26431141356689da26ac4fe4aea1978fffe474405de1d
                                        • Instruction ID: 7410b6d44019415a995dae2c03cdc7224a173992e233710be19e0195deb2ecaf
                                        • Opcode Fuzzy Hash: d570f8e996c7578089b26431141356689da26ac4fe4aea1978fffe474405de1d
                                        • Instruction Fuzzy Hash: BA21E6322083D14FCB06A77498641AD7FB29FC71243190CDAD4858F757DE256D0B9752
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01175810 Relevance: .1, Instructions: 83COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6ddad27788cde43f873944b6b7d9b3549892f1156c62b8fe8baf2965a9446cd4
                                        • Instruction ID: 40ccd13634b8a4215c630b7cbdc1c5b6b0456d2d85d4ddffef2265a245c19087
                                        • Opcode Fuzzy Hash: 6ddad27788cde43f873944b6b7d9b3549892f1156c62b8fe8baf2965a9446cd4
                                        • Instruction Fuzzy Hash: 9931E735910209EFCB05EFA4E958DADBBB2FB88304F104856E515A3369DB325D60DF61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01178AA0 Relevance: .1, Instructions: 80COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a4c8c200ad987525e4dd563f46cd98f24de8b6a48ca175a1ec7bfe1dc4d22fcf
                                        • Instruction ID: 77499eab185c1f2de1fe44a87198d7ef43ddaf6f76500a009c1bfd64fa7e9866
                                        • Opcode Fuzzy Hash: a4c8c200ad987525e4dd563f46cd98f24de8b6a48ca175a1ec7bfe1dc4d22fcf
                                        • Instruction Fuzzy Hash: 3A31C531E1060ACBCF14AFB8D4141AEB7B1FF89314B10852AD41AA7745EF70A951CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117C0F1 Relevance: .1, Instructions: 79COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4310553bf4ead47b35a1fba5c11f539a4287afa9eef7a27d31875cc377799097
                                        • Instruction ID: 3e072984cd61196b0b034a64f3dc54daff789578f44c5b8aff756a7d54fa3b59
                                        • Opcode Fuzzy Hash: 4310553bf4ead47b35a1fba5c11f539a4287afa9eef7a27d31875cc377799097
                                        • Instruction Fuzzy Hash: 46215130F49242DFDB1D6B78B81836A3BB69B45606B05087DF48BC6785DF288C55C791
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D6F18 Relevance: .1, Instructions: 77COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c276253b5206f1a31a43dcd51a339d4aaff79a1bd2184d40be59473e9f7ec5f3
                                        • Instruction ID: c2c51d1daa21c42f03230b5adb016bcbe87ab570fb02e85185ed2acb03534fdd
                                        • Opcode Fuzzy Hash: c276253b5206f1a31a43dcd51a339d4aaff79a1bd2184d40be59473e9f7ec5f3
                                        • Instruction Fuzzy Hash: 1C31F8B4D00219AFDB10CFA9C884ADEFBB5FF48314F10852AE918AB250D3749954CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0111D774 Relevance: .1, Instructions: 77COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151679427921.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_111d000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7636f8aaf3aa8305d58716812da68decd3a9ed03167906548dbf786db043f3ef
                                        • Instruction ID: 7318e30878514d5f2e59f839a7f59e4186bb3786eb48e8c660075796773fdb38
                                        • Opcode Fuzzy Hash: 7636f8aaf3aa8305d58716812da68decd3a9ed03167906548dbf786db043f3ef
                                        • Instruction Fuzzy Hash: 59210871504240EFDF09CF94E8C8B66FB66FB88318F248579ED090A24AC336D451CBA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0111D4F0 Relevance: .1, Instructions: 75COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151679427921.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_111d000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8ebdf1fa933e90c481742a465e67b45fefa4af175dd9ae13ac47982c1c121fdd
                                        • Instruction ID: 713a9b3f0791f88c2e3d04081d799957a57f341305327a9b443e1ccb3ebdd86e
                                        • Opcode Fuzzy Hash: 8ebdf1fa933e90c481742a465e67b45fefa4af175dd9ae13ac47982c1c121fdd
                                        • Instruction Fuzzy Hash: 41210375604200DFDF49DF94E9C8B66FF79EB88318F248679E8050A24BC336D955CAA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D6F20 Relevance: .1, Instructions: 73COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3b2ff7674d67955656586cb63a513aaedb53eed05f62259e344b719b0418921a
                                        • Instruction ID: 401e0d346c1933c297a2f65bb545b792e836f3f99d5fa45c173aa77acfa6424b
                                        • Opcode Fuzzy Hash: 3b2ff7674d67955656586cb63a513aaedb53eed05f62259e344b719b0418921a
                                        • Instruction Fuzzy Hash: 5E31E6B5D0025E9FDB10CFA9C884ADEFBB5FF48314F14842AE918AB250D774A984CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D6A10 Relevance: .1, Instructions: 73COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e7375b0250fc61904d9f6782ef40d8dd59ced3f4568b6a3abad4596623cede0a
                                        • Instruction ID: e35a64fb94eb9e3f15625d263c8a84845b9b835986eba402fce83bbce98fdaa5
                                        • Opcode Fuzzy Hash: e7375b0250fc61904d9f6782ef40d8dd59ced3f4568b6a3abad4596623cede0a
                                        • Instruction Fuzzy Hash: EC213531700310AFCB1A9F68C8159AD3FFAFF86220B01409DE005CF251EB349D028B92
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D6340 Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 683a19ef86b4400d3cd0845d505feccdfadf8fb32aab255e2789065c84713261
                                        • Instruction ID: 8fb49a601694f521704a72a21b31f7054c2ce839bdc0852af188a9abb8ca40ef
                                        • Opcode Fuzzy Hash: 683a19ef86b4400d3cd0845d505feccdfadf8fb32aab255e2789065c84713261
                                        • Instruction Fuzzy Hash: DF1156313042145FCF166FA888206EE3BE7EFC6324710486EE505CB385DF394D028B92
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0112D5A4 Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151679857602.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_112d000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3ec4617d7bbcd39801086329e1d3c61f6f3e360f405bdac3d05a5996b8a75a45
                                        • Instruction ID: a5c431be05494c7b741ee26d60728bc68b5279c5d109b9f30cd2b7f5d139bf40
                                        • Opcode Fuzzy Hash: 3ec4617d7bbcd39801086329e1d3c61f6f3e360f405bdac3d05a5996b8a75a45
                                        • Instruction Fuzzy Hash: 06213774204204DFDF19CFA4E9C0B26BB65FB88318F24C96DE80D4B242C736D866CB62
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0112D3F4 Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151679857602.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_112d000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ad5af0786d6a10a5894dad1cc67fceb45bc9d94bdb3a46cdae9dbadecfb488f1
                                        • Instruction ID: 586ca6ea294724159b4e4accead6c4fc3370669307317a4ec2882110b3644bdd
                                        • Opcode Fuzzy Hash: ad5af0786d6a10a5894dad1cc67fceb45bc9d94bdb3a46cdae9dbadecfb488f1
                                        • Instruction Fuzzy Hash: 35213B75604280DFDF09DF94E8C4BAABB65FB84324F24C569D8090B746C336F466CBA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01173756 Relevance: .1, Instructions: 67COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5f37fb9ad0b03524718d0dedbb7152a85c9d77c1568d33b10f27f4ab18544c2e
                                        • Instruction ID: 9202991788ee4bc0208ced97ee6af1ec55f38bffb8290618a50470ad915b216a
                                        • Opcode Fuzzy Hash: 5f37fb9ad0b03524718d0dedbb7152a85c9d77c1568d33b10f27f4ab18544c2e
                                        • Instruction Fuzzy Hash: B3119D3164E3D10FC71317B468241997FB5EF8362531A04EBE086CB293CA5D0C0A8762
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D80C0 Relevance: .1, Instructions: 67COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 46945b4680f1db3b1fc93f190c7943a51e707640190194bbd546f7ec109f2596
                                        • Instruction ID: b891b62b8f4ea398ee79a580fe186da8af935f9b2891f4446f94e731a0626196
                                        • Opcode Fuzzy Hash: 46945b4680f1db3b1fc93f190c7943a51e707640190194bbd546f7ec109f2596
                                        • Instruction Fuzzy Hash: 8511E631E043054FDB129BB998212DEBBF1FF86310B05857BD459EB242E7349E4587A1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117C5C8 Relevance: .1, Instructions: 60COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dd70b98e5c96e68a5e7b15657b99dae15a05184773b82fb773a25d923fe0cb6e
                                        • Instruction ID: 3dd232f1d20b0db2cf70a3f2b6cbaa954b2293342010921655267ec646a86dfa
                                        • Opcode Fuzzy Hash: dd70b98e5c96e68a5e7b15657b99dae15a05184773b82fb773a25d923fe0cb6e
                                        • Instruction Fuzzy Hash: 8A11033171031B9BC708EB64D89568EB7B6FFC0218BA04D24D0458B758EB30FE0A87D1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01175A12 Relevance: .1, Instructions: 59COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b6b45a915c1d05eda70642c03be8e08cbeb216d1e09ee2c3dce31162cf5a4e59
                                        • Instruction ID: 4e493a4516a70a7627bc4b5c6cc4158f901ed7ff6f19a917e04eec7e410d7854
                                        • Opcode Fuzzy Hash: b6b45a915c1d05eda70642c03be8e08cbeb216d1e09ee2c3dce31162cf5a4e59
                                        • Instruction Fuzzy Hash: 9111723121075A8BC725DF68D4819CF77B6AFC0328B548E28E4894F664DB74FF4A8B91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0111D76F Relevance: .1, Instructions: 58COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151679427921.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_111d000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9d96c15c1cdf58b1127d37239e667afda8e7951f8c6a5b32266e172bd298b2fc
                                        • Instruction ID: 7e61ad30fe1ea49be7eec6a80a814e49fe3dd43fb37cd2b217bb9eaa6ba1f1aa
                                        • Opcode Fuzzy Hash: 9d96c15c1cdf58b1127d37239e667afda8e7951f8c6a5b32266e172bd298b2fc
                                        • Instruction Fuzzy Hash: EC219076504280DFCF16CF54E9C4B16FF72FB88314F2486A9DD490A25AC33AD426CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117D9A0 Relevance: .1, Instructions: 57COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bf2a045554d560c7ec57367a1a3113edb3645bb0fecbcbd501fc7a42f21d7753
                                        • Instruction ID: 90fd1dc2416af8281223da612df3a206a9ea2ffe114ad37c2ce5d46cf126aed5
                                        • Opcode Fuzzy Hash: bf2a045554d560c7ec57367a1a3113edb3645bb0fecbcbd501fc7a42f21d7753
                                        • Instruction Fuzzy Hash: 1611A0313103449BC7299A78E85476A7BA7FBC5219F544D6DE54387745CFB1EC0A8B40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0111D4EB Relevance: .1, Instructions: 56COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151679427921.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_111d000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a9b2fa0847d7fcd01e7e2c2124247b7353a15dd79a6fb38b290937cef3ba9469
                                        • Instruction ID: ee1946457444dd5643797a1842bbece1f21983a5659d3b8cf311b7450e72f9df
                                        • Opcode Fuzzy Hash: a9b2fa0847d7fcd01e7e2c2124247b7353a15dd79a6fb38b290937cef3ba9469
                                        • Instruction Fuzzy Hash: 36119D76504240CFDF16CF54D5C8B16FF72FB84314F2486A9D8090A25AC336D55ACBA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01177D78 Relevance: .1, Instructions: 55COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c0671ca8ba2ca8c2da552ca4d6991bbfe41921da3e029e44ede7b8c7cc1ac87e
                                        • Instruction ID: 0a2f58c5a891da189fefe4c0ef1368556831c0ec92562d24df4a3814f8b9cee8
                                        • Opcode Fuzzy Hash: c0671ca8ba2ca8c2da552ca4d6991bbfe41921da3e029e44ede7b8c7cc1ac87e
                                        • Instruction Fuzzy Hash: D201F974A0D3859FC70A5BB4982909A7FB6EF8720432948EBD445CB356EA268D068B61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D65E8 Relevance: .1, Instructions: 55COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a3397a75f75e433d9b22d12dba1e3e4ae9da52080c8f74310fde2bdef753928a
                                        • Instruction ID: c14fc8d62ec21328bd3deb0961b441fb4218716f651acc237e626655234db923
                                        • Opcode Fuzzy Hash: a3397a75f75e433d9b22d12dba1e3e4ae9da52080c8f74310fde2bdef753928a
                                        • Instruction Fuzzy Hash: AC1114B28002499FDF10CF99C845BEEBFF4EF88320F148419E518AB250C3399995DFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D41E0 Relevance: .1, Instructions: 55COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 075991386f85e123b7707b71960a4bc89bd8e006ed1fceb95007f8c06fa6ee2d
                                        • Instruction ID: 153fc26f3d06f28c457c5b5e202a79cbc1f3b7057c27fb249ab70455aeff35d4
                                        • Opcode Fuzzy Hash: 075991386f85e123b7707b71960a4bc89bd8e006ed1fceb95007f8c06fa6ee2d
                                        • Instruction Fuzzy Hash: AB1102716003009FDB44EF68D8467AABFA6FFC4310F50C97AE4499F28ADBB59945C790
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D5FA0 Relevance: .1, Instructions: 55COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7acfb86e610ad9a99291f78c6b424c2730c7435fed54418df55e7ce199600106
                                        • Instruction ID: 3745d9b2b39957a55ff9a7f297c6ecf94244bc49d13f01bdd26858eecea427b0
                                        • Opcode Fuzzy Hash: 7acfb86e610ad9a99291f78c6b424c2730c7435fed54418df55e7ce199600106
                                        • Instruction Fuzzy Hash: 0A1114B28002499FDB10CF99C844BDEBFF4FF48320F148819E618AB210D335A994DFA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D5B30 Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 65bca93dcc74720022183c84eee5c6570c8e953f0bad9dae4a89188ff37381fb
                                        • Instruction ID: 95e035e2be0244ab051bb714b8f2829dba6969b1219facd9eac67f454827516e
                                        • Opcode Fuzzy Hash: 65bca93dcc74720022183c84eee5c6570c8e953f0bad9dae4a89188ff37381fb
                                        • Instruction Fuzzy Hash: 6511C4343082405FD304DB2DDC54B2BBBEAEFC9624F2985A9E169CB3E5CA71DC018754
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0112D59F Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151679857602.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_112d000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b2a6b5bf1b1b8fdfff8caa30a800c112ef87008db8f6e2d3ff2f9d00fc8415ff
                                        • Instruction ID: 968f551f3af7a48c2533f46af329f40bf06b38cae9c5301707a4ab298a8392a7
                                        • Opcode Fuzzy Hash: b2a6b5bf1b1b8fdfff8caa30a800c112ef87008db8f6e2d3ff2f9d00fc8415ff
                                        • Instruction Fuzzy Hash: CD11BE75504244CFDF16CF54E5C4B15BB62FB84314F24C5AAD8094B252C33AD45ACB51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0112D3EF Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151679857602.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_112d000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b4386ebabcea9a0b57a49cbe6c05ca3489348fb0b1755d97d98b53181dacd5f9
                                        • Instruction ID: 128cd983ca5e14ea283317dff03ff1ec7dffdd7eac4ba7dc6699277933f9eea9
                                        • Opcode Fuzzy Hash: b4386ebabcea9a0b57a49cbe6c05ca3489348fb0b1755d97d98b53181dacd5f9
                                        • Instruction Fuzzy Hash: 8D11B275504280DFDF16CF54E5C4B59FF61FB84324F24C5AAD8494BA46C33AE416CB92
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D5A98 Relevance: .1, Instructions: 52COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1aebe02e01438685bcb69eb992659b128f72781d5d94a77e4048608b0d56d027
                                        • Instruction ID: ee08b9bbac3a7763c816c8268dc972475cd39679d119327f09d4b6a4ed7c04f4
                                        • Opcode Fuzzy Hash: 1aebe02e01438685bcb69eb992659b128f72781d5d94a77e4048608b0d56d027
                                        • Instruction Fuzzy Hash: 3D117070E043159FDF25DFBDC4046AEBAF5BB88305F00892EE41ADB240EB749841CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117D9B0 Relevance: .1, Instructions: 51COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9dcb48d2aee78e0e0935f247ce9aca0ce3544a9aae0698566a7c45c30f9ce66d
                                        • Instruction ID: 95cc3fc735ddd7c9cc330741e9e0a7421d95c803fe609b7171e56eb2aeb097f3
                                        • Opcode Fuzzy Hash: 9dcb48d2aee78e0e0935f247ce9aca0ce3544a9aae0698566a7c45c30f9ce66d
                                        • Instruction Fuzzy Hash: B2016D303103049BC729AB79E44876ABBABFBC4229F544D6DE54787785CFB1ED1A8B40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D41F0 Relevance: .0, Instructions: 50COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4006ed1bf0141e922345446acbdb48897d9fe1c5734f040be9d2fe4b6f20f193
                                        • Instruction ID: 7acd9df71227de31fe28985afb260ab023813c303112740865db819bf3207ade
                                        • Opcode Fuzzy Hash: 4006ed1bf0141e922345446acbdb48897d9fe1c5734f040be9d2fe4b6f20f193
                                        • Instruction Fuzzy Hash: D4010031A003049BDB44EF59D8857AABBA6FFC4310F50C939E94D9F289DBB19941C7A0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D9349 Relevance: .0, Instructions: 50COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e1c81e487c85f37dc1ce3f1bf338a571fa43bb1fc0efeda59d7bf32d4d8777b6
                                        • Instruction ID: a375fcf0c3f4d15468d7a498fe1a3bfc7a54b744828c075f076ce772fa08b02c
                                        • Opcode Fuzzy Hash: e1c81e487c85f37dc1ce3f1bf338a571fa43bb1fc0efeda59d7bf32d4d8777b6
                                        • Instruction Fuzzy Hash: BC11A276800114AFCB429FA5DD04DDABFB6BF0C310B5681A5F6089B132D332CA61EF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01174658 Relevance: .0, Instructions: 46COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 049f9aacceb35ff1648757aedf03a0f0f280b6b70063d47bdbc468b867651760
                                        • Instruction ID: 61cd653d97a646c9b1df4ae2b770e12b4c40b52f6167820b4c0cf26f65928f7e
                                        • Opcode Fuzzy Hash: 049f9aacceb35ff1648757aedf03a0f0f280b6b70063d47bdbc468b867651760
                                        • Instruction Fuzzy Hash: 7C015E323003624F8B48A778E5645AE77D7EFC52293944D2CE4068B748DF747E0B5795
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117C5B8 Relevance: .0, Instructions: 45COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 87f28a3a2b98096e21fe5b678df65f4905bd99c6ec0ecddbf3dcaa5fc4cfc810
                                        • Instruction ID: ab2eb3fb489f398227593f6db30bae4b8cbdcf98739202da0cee84dbf753ee37
                                        • Opcode Fuzzy Hash: 87f28a3a2b98096e21fe5b678df65f4905bd99c6ec0ecddbf3dcaa5fc4cfc810
                                        • Instruction Fuzzy Hash: C101F73161031A6BC708DB68DC857CEB7B9FBC1228F500D25E04597745DB74BE4687D1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D5A88 Relevance: .0, Instructions: 45COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 066a4b4e22cc5dae1c4079264bbd95989a385d0326b7b1d7fe825037a1d36e6e
                                        • Instruction ID: 88e56201731f4edbe132c4b6b9fd4c40ba093514089c1a296548c422a7be4d9e
                                        • Opcode Fuzzy Hash: 066a4b4e22cc5dae1c4079264bbd95989a385d0326b7b1d7fe825037a1d36e6e
                                        • Instruction Fuzzy Hash: 9B012D70E01715CFCF659FA885442ADB7F1FF48255F00852AE45AD7200E7749941CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0111DA41 Relevance: .0, Instructions: 45COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151679427921.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_111d000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 16668e5c17d72ffef5fc730fe297bf12a782bfe43b672a9d1ebadf6a9827161d
                                        • Instruction ID: 37c38c568a030543019d89426571638c7ec9702baa362be95000785289edc1ab
                                        • Opcode Fuzzy Hash: 16668e5c17d72ffef5fc730fe297bf12a782bfe43b672a9d1ebadf6a9827161d
                                        • Instruction Fuzzy Hash: 5901AC761083509AEF18CA95E88CBA7FF9CDF41224F18856AED490E286D3759D40C6B2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D69FF Relevance: .0, Instructions: 44COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 207920046947d87ae1bfbb74c2741ce922eb8c1703be1b0a6de2255ef6831253
                                        • Instruction ID: 3d925962ea05dc19469d5de1b020cb8c65607639d1cd6679aac725f0bfc2b799
                                        • Opcode Fuzzy Hash: 207920046947d87ae1bfbb74c2741ce922eb8c1703be1b0a6de2255ef6831253
                                        • Instruction Fuzzy Hash: F1018B71B04204AFCB66DF68D844DAEBFBAEF88310B0281AAE405CB215DA31CD018B91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117D121 Relevance: .0, Instructions: 43COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b866eb866b968c57a508536b564e3e788a9be32cf54990432941d30e5c90a969
                                        • Instruction ID: 0516dd1261098db8a4efef749578c82fab11bb1fbab205a08d5f7237cf274b87
                                        • Opcode Fuzzy Hash: b866eb866b968c57a508536b564e3e788a9be32cf54990432941d30e5c90a969
                                        • Instruction Fuzzy Hash: 7D01DF312006158FC754CB69E484E9ABBF6FF84714B5688A9E445CB731DBB4FE06CB40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D7500 Relevance: .0, Instructions: 41COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 847be0b7b4e504eb6d6f150b4d57231a633c4f347eed5e828fffbee19425ad5b
                                        • Instruction ID: 1522011b9fcf71b09ffb17e10055712abbfdbb4e2ef5417127aa3f6ab664be6d
                                        • Opcode Fuzzy Hash: 847be0b7b4e504eb6d6f150b4d57231a633c4f347eed5e828fffbee19425ad5b
                                        • Instruction Fuzzy Hash: A6014F36204248BFCF03AF95DD2089A7FA3EFC92147158059F9048B226CA37DD23DB50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01173930 Relevance: .0, Instructions: 40COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0a6930f49ff0ea8c4c02269c3c1a4c0975eab701c4260396696114701c16076c
                                        • Instruction ID: a66dc5eb93515ff164e3990af3fd923c772da08dc3b90466a5073309f14efec1
                                        • Opcode Fuzzy Hash: 0a6930f49ff0ea8c4c02269c3c1a4c0975eab701c4260396696114701c16076c
                                        • Instruction Fuzzy Hash: 6201BC30E05349AFCB04EFB4E45659DBFB1EB46308B2149AAD455DB344DB301F09CB01
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01173F50 Relevance: .0, Instructions: 38COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2ccf84f146f4d697ddfc06dd13dfb2690b985e139d0fca4636ca725bcb3adcb0
                                        • Instruction ID: d8b16320b1b17e3b0b291900942deec1f994b96d3b904ebf30aa4addc980fff3
                                        • Opcode Fuzzy Hash: 2ccf84f146f4d697ddfc06dd13dfb2690b985e139d0fca4636ca725bcb3adcb0
                                        • Instruction Fuzzy Hash: B4F02B7270C2985FDB0ADBB8B4606E9BFB5DB4A225F1840D7E058C3382CB228E03D751
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D9358 Relevance: .0, Instructions: 37COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8833099d85c8eb4a0e8bb716e3735b6eaba11818b673dba114cf62ae6ffde4c0
                                        • Instruction ID: 4650eb7ed8e72df992bb77e3ef4931b034c0d2c53140a169faf4603a7d1fcfc2
                                        • Opcode Fuzzy Hash: 8833099d85c8eb4a0e8bb716e3735b6eaba11818b673dba114cf62ae6ffde4c0
                                        • Instruction Fuzzy Hash: E0018472900115EFCB469FD5D904D99BFB6FF0C310B5681A5E6189B132D332DA61EF81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117C48A Relevance: .0, Instructions: 36COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f2d22452c2605ed9204039d34a8cae71dbb2cbfa0db621d2e77eb84426f1562d
                                        • Instruction ID: 4655c3ace16c82d240e5967e5aad20d7c56d8c01b7d6f73562561db26e67e3f5
                                        • Opcode Fuzzy Hash: f2d22452c2605ed9204039d34a8cae71dbb2cbfa0db621d2e77eb84426f1562d
                                        • Instruction Fuzzy Hash: 5E016D71A103198FCB48DF69D8095DEBBF4FB88310B00451AE40AE3340DB746A558BD0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0111DA40 Relevance: .0, Instructions: 36COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151679427921.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_111d000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3bc6b2715efff720fa7d1785713c97fac15e9de67190d61574963c0e525a9e6f
                                        • Instruction ID: bec84b8eb0d9b3d37cb97d6483adc97ae225a71654dc8218629351b50533920b
                                        • Opcode Fuzzy Hash: 3bc6b2715efff720fa7d1785713c97fac15e9de67190d61574963c0e525a9e6f
                                        • Instruction Fuzzy Hash: 65F068724042449FEB148A55D888B63FF9CEB41724F18C55AED185F286D3795C44CAB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 011746F8 Relevance: .0, Instructions: 35COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 148efd6023c3310123f4965559da200aa86fef3f32ebbb5fa24f1d6f44dd4741
                                        • Instruction ID: e0619e0a5083775c738d4d91a3940eb96c444a81c41c460fefdfd01fc781e277
                                        • Opcode Fuzzy Hash: 148efd6023c3310123f4965559da200aa86fef3f32ebbb5fa24f1d6f44dd4741
                                        • Instruction Fuzzy Hash: 9BF046301083A98FC711DB69E0142AE7FF5EB82218B01086EE0828B746CB616C0B8BD1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D63B0 Relevance: .0, Instructions: 35COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e0df1ac9ef1a7b45ba89fac89d169bb457113a63dddd7fb2fd5c0510d7bb6f50
                                        • Instruction ID: 40fdb92e38bee3e52ba6886f747073c74cdd519a8674d8cc17e021089939ff24
                                        • Opcode Fuzzy Hash: e0df1ac9ef1a7b45ba89fac89d169bb457113a63dddd7fb2fd5c0510d7bb6f50
                                        • Instruction Fuzzy Hash: B9F0E9323002196F9F059FD89C109EF7BEBFBC8220B004429F6158B344DB714C1067A1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117D194 Relevance: .0, Instructions: 34COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 734e4abb6eba3ecd56abbc2ffa8ae7c09a6c4575f977cf794ab0d1d12b4ff15e
                                        • Instruction ID: 72f2079cd1cdd107427ad7e60882b40c62d0bfc175d82184587ec094869e797f
                                        • Opcode Fuzzy Hash: 734e4abb6eba3ecd56abbc2ffa8ae7c09a6c4575f977cf794ab0d1d12b4ff15e
                                        • Instruction Fuzzy Hash: 7AF0CD722002108FCB04CBA9E454A99BBB1EF90251796C89AE842CF772DB34EE46DB40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 011737BF Relevance: .0, Instructions: 34COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7ad0f7f3e348682add4faf4ae60c6b3ad200834238765a678881ec370f98bf10
                                        • Instruction ID: 6eea4e391a6e389b0c582fbdddcf704b52fbc3e624e46a2b0892a799d5637a2a
                                        • Opcode Fuzzy Hash: 7ad0f7f3e348682add4faf4ae60c6b3ad200834238765a678881ec370f98bf10
                                        • Instruction Fuzzy Hash: 9CF0E2312053912FCB2556A6A4A86EEBFAAEBC6328B10487DF04AD3345CA651C06C761
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117C427 Relevance: .0, Instructions: 33COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0b51ab3d9f079aa71a70c3b626835b827a1a64fd4d43529b7f7957d95d476621
                                        • Instruction ID: 2bda8462fcbe800f47c54d304bd95c14946ff4db14e77de3392dd90587485a1e
                                        • Opcode Fuzzy Hash: 0b51ab3d9f079aa71a70c3b626835b827a1a64fd4d43529b7f7957d95d476621
                                        • Instruction Fuzzy Hash: B1E0ED362042043BC30866A9BC5DA8BBBAEE7C8338B504439F609D3349CEA54C068260
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117C68A Relevance: .0, Instructions: 32COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 039949eaf326150c7f7621be0e82faee79b615ae812c356bb09b8893640704af
                                        • Instruction ID: fda8a8429196c770f9167000e6cd37eed9dd008b22cfa4058ffb53f8ace8744d
                                        • Opcode Fuzzy Hash: 039949eaf326150c7f7621be0e82faee79b615ae812c356bb09b8893640704af
                                        • Instruction Fuzzy Hash: 23F0E9323056115FC7048F58D448D49BBF8EF8572074A816AE44997322CB20FD91C7D0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01173940 Relevance: .0, Instructions: 32COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0c6ba63ffe60ced02a12f1d43e8d64897b6d1eaf8ae432a3ac6ff10c1d76dc40
                                        • Instruction ID: 562741aa37d8de8b7259066445d032d94e70e54add2922c8d79f2d544b5613ce
                                        • Opcode Fuzzy Hash: 0c6ba63ffe60ced02a12f1d43e8d64897b6d1eaf8ae432a3ac6ff10c1d76dc40
                                        • Instruction Fuzzy Hash: DDF01930A4130DEFCB04EFB4E45959DBBB1EB45208B5049AAE4159B358EB306F548B51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117E09D Relevance: .0, Instructions: 31COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 04a82239397988f69494394f4a38e449f432305e499c5852b3c39c43bce4edc1
                                        • Instruction ID: afd1cc35ecc75a6953c3ee707372e96c7baab976e6cf005b01c3c101b32af7c4
                                        • Opcode Fuzzy Hash: 04a82239397988f69494394f4a38e449f432305e499c5852b3c39c43bce4edc1
                                        • Instruction Fuzzy Hash: 5C01EF34A12219AFDF0ACF90D855FEEBBB2BF48300F204045E901BB3A0CB759950DB61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117C498 Relevance: .0, Instructions: 31COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e1cddea85b175a747e1e34a792fb349a285f6e6d2fed388d8c6d6d114388006f
                                        • Instruction ID: 4854ed287fde7daf82c369554c8f4db9a22671fc211ab70d10a665dd348c91bc
                                        • Opcode Fuzzy Hash: e1cddea85b175a747e1e34a792fb349a285f6e6d2fed388d8c6d6d114388006f
                                        • Instruction Fuzzy Hash: C1F0F471A103198FCB58EFADD8095DEBBF5FF88710B10452AE44AE3300EB746A558BD5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117475A Relevance: .0, Instructions: 31COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: defd489c88c43fb8153535f22cde4213161659993cb5fb02e9a0d76781ee393c
                                        • Instruction ID: 9ae203e300b0a14145ab8c84f5c69ab143e398b791279d3bfec0ff0761d70f2b
                                        • Opcode Fuzzy Hash: defd489c88c43fb8153535f22cde4213161659993cb5fb02e9a0d76781ee393c
                                        • Instruction Fuzzy Hash: 5B0181709047458FE715DF36E408552BFF1FF99308B018A6FE88A83656DB30585ACF40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01172D60 Relevance: .0, Instructions: 31COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2d1c0e020839800350d74533e2d1c423e7b7f35e09865107e9187c9432ccef13
                                        • Instruction ID: b41b965df4b9363e9cbccde57b4654ad8fc5773cd70e31f777fe1ff02283e68b
                                        • Opcode Fuzzy Hash: 2d1c0e020839800350d74533e2d1c423e7b7f35e09865107e9187c9432ccef13
                                        • Instruction Fuzzy Hash: 4AF0E276E490608FD7155BB4E819198BB24DB9A21231544A6F806C7391D736CD13C741
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D7CD1 Relevance: .0, Instructions: 31COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 626d5cd376efc58ba81a6dca6d7f9b971bf89b195af9bb72a64cbe0f7657bd72
                                        • Instruction ID: 3a8d104d57b4b1e5e0fe7d1e3c080fceeb78722037094fd3200dbe44d0d4fa41
                                        • Opcode Fuzzy Hash: 626d5cd376efc58ba81a6dca6d7f9b971bf89b195af9bb72a64cbe0f7657bd72
                                        • Instruction Fuzzy Hash: BEE092323042001FD748A62598605DB6F97EBD63A57D980BA9449CF7A2C96ACC07C361
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D3280 Relevance: .0, Instructions: 31COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3c201cb3636662d0acd8fec7352991b2d958c0294b80bedf62d5eedea441894f
                                        • Instruction ID: d3208954819c9cdd42570d64c485e254ba7c58b98b36016ed8ab11439ad42cc6
                                        • Opcode Fuzzy Hash: 3c201cb3636662d0acd8fec7352991b2d958c0294b80bedf62d5eedea441894f
                                        • Instruction Fuzzy Hash: 6AF02072A063510BE332974DE858EBE6FA4BF82364B45807AE444CF256DBA1CD4093A3
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117868C Relevance: .0, Instructions: 30COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1648e467bd7bf6e5dd1aed664c5d2c097c4934c7c2f54a2a0cab40873db1114e
                                        • Instruction ID: 047cbbeab343f5bd23de6b8bce4baa418260a329ecf98cecebb9a347642d48af
                                        • Opcode Fuzzy Hash: 1648e467bd7bf6e5dd1aed664c5d2c097c4934c7c2f54a2a0cab40873db1114e
                                        • Instruction Fuzzy Hash: F9F02E315057609FC318D775D8490DE7FE1EF813043908DADD0C68BA65E720AA4A9351
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117C698 Relevance: .0, Instructions: 28COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 78da0ce8362e2cfb051af930b7c622a664954347a382aab956d2bef07c5310d9
                                        • Instruction ID: 693022a978b8868b63782b6bc2e7aaea56680e45f7763279bb7342dc86375deb
                                        • Opcode Fuzzy Hash: 78da0ce8362e2cfb051af930b7c622a664954347a382aab956d2bef07c5310d9
                                        • Instruction Fuzzy Hash: D8F0A0323026269FC7048F2CD448C49BBF9AF866203198199E44987321CB20FD91CBD0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01174768 Relevance: .0, Instructions: 27COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 28b91e817ab3c697986e473461a9dccf3f5af42e5693c86f3486edf3d1ced7f4
                                        • Instruction ID: 8b99f076880597c64e49eb6b51ce009df63b62312b5cf9a1840eb0e8b83a589f
                                        • Opcode Fuzzy Hash: 28b91e817ab3c697986e473461a9dccf3f5af42e5693c86f3486edf3d1ced7f4
                                        • Instruction Fuzzy Hash: 41F0F930940B058FE714DF26E548556BBF5FB99309700892AE84A83B15DB70A856CF54
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D3290 Relevance: .0, Instructions: 27COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 380c08c8a85bb81cdcf3670b9faa7fdd8822a7dc3846ab8688ccaf7010c3d4e8
                                        • Instruction ID: 65cfd60ced71ac1e83245f0325faad3decbfa97aee2598508eadb7e4e0a95f4c
                                        • Opcode Fuzzy Hash: 380c08c8a85bb81cdcf3670b9faa7fdd8822a7dc3846ab8688ccaf7010c3d4e8
                                        • Instruction Fuzzy Hash: C5E0D832A0621053D331938ED854FAE6B88FF863B4F444435D404CF301DE51DD4093A3
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D16B8 Relevance: .0, Instructions: 27COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6be2c87441445bdc69653b9be48ddc7496dd67c01ef651e20f3a769727fb6f1f
                                        • Instruction ID: 37de992b4ba6be7c8114f89160e266b78a6304e7b31ab4edeb27037060bf9938
                                        • Opcode Fuzzy Hash: 6be2c87441445bdc69653b9be48ddc7496dd67c01ef651e20f3a769727fb6f1f
                                        • Instruction Fuzzy Hash: 97F0A034608B604FDB32976C948465A7FF47B46214F0804AEC686CBE86EBB6E841C791
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117C438 Relevance: .0, Instructions: 26COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7f573acf2791b2c21f0002428d03482e8f7a8721dc5639d0b9c38957159fcbfe
                                        • Instruction ID: bb9cb1badb37288a36060045111e2f3709a448ae879e960d63124933ff3422e7
                                        • Opcode Fuzzy Hash: 7f573acf2791b2c21f0002428d03482e8f7a8721dc5639d0b9c38957159fcbfe
                                        • Instruction Fuzzy Hash: E9E0DF353042446BC30876AEB85889BBEAEE7C83743904439F60E83349CE611D1593A0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D7CE0 Relevance: .0, Instructions: 26COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d607133b6dd0d46188613b64ae50b72c67c7b047e69cc6ca046c6c70afc07c0b
                                        • Instruction ID: 1d5cac27e02813820bd14dbcf9cec08af11335a8b1bc11bc49533b70346313c1
                                        • Opcode Fuzzy Hash: d607133b6dd0d46188613b64ae50b72c67c7b047e69cc6ca046c6c70afc07c0b
                                        • Instruction Fuzzy Hash: 28E086323002041BD648B626985059BAA8BE7C63A5BD4C079990A9B345CD66DC06C3A5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D16C8 Relevance: .0, Instructions: 26COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 244921c3ed1ca64f638f0dd897c5e1c71fa4a7f29a2290b93780743e46f37fc1
                                        • Instruction ID: 342c27c226fd3e86cfcee6830853ae4101d49b6ddf39e7da80db680cb1746041
                                        • Opcode Fuzzy Hash: 244921c3ed1ca64f638f0dd897c5e1c71fa4a7f29a2290b93780743e46f37fc1
                                        • Instruction Fuzzy Hash: 48E0ED34700B208FE735937C919426B7BE57B88268F04406EC68ACBF42EB71E841CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117E4E8 Relevance: .0, Instructions: 25COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5ac1c4977122da5c954238f5205a4feff4a6c4e0ba18ec421d37e6bd0d2942df
                                        • Instruction ID: 8c9a479576099ad200655a29f76dfbd37d2c004b159b9d559aadd027a9e80674
                                        • Opcode Fuzzy Hash: 5ac1c4977122da5c954238f5205a4feff4a6c4e0ba18ec421d37e6bd0d2942df
                                        • Instruction Fuzzy Hash: FAF015B5D0528A8FCB44CFA8D481AAEBFF1AB48300B1581AAE468E7711E3344A41CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01174F1A Relevance: .0, Instructions: 25COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3560279b0dd4738cbceba845579ec1ce4d2e4ce58bb632f455db9679b0ea5c05
                                        • Instruction ID: 9a16668d2b996a53b0371dd9b5cd6b48576afb59668e03287ccaba540e8ce749
                                        • Opcode Fuzzy Hash: 3560279b0dd4738cbceba845579ec1ce4d2e4ce58bb632f455db9679b0ea5c05
                                        • Instruction Fuzzy Hash: A7E0E57161C3894BC706D72CB4601DD7BB1DE8A2183060D96E494DB707D7515E268746
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D0920 Relevance: .0, Instructions: 25COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a4ee0c64b861eab37cc409fe461765dc619c49ad4c4b8665d52ddce4d553f8c5
                                        • Instruction ID: 4a524787c2df0ec96cc6ab6c3eb0f89149714d1513700bbb3a5c5e699c1df995
                                        • Opcode Fuzzy Hash: a4ee0c64b861eab37cc409fe461765dc619c49ad4c4b8665d52ddce4d553f8c5
                                        • Instruction Fuzzy Hash: 48E0D8703093115FEA2167ACB424BAE37E6AB8D600F0145BDE485EB3C5DB548C46CB92
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D5BD0 Relevance: .0, Instructions: 25COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c79adf0fe7ce0123fbc41c0ece0c910fbebafa079f3b70a46964be0dd5a898e4
                                        • Instruction ID: 1c861fc7ae6bb3601489fea2ffcad0150912452ba4f9bdda7a06c5524251fdec
                                        • Opcode Fuzzy Hash: c79adf0fe7ce0123fbc41c0ece0c910fbebafa079f3b70a46964be0dd5a898e4
                                        • Instruction Fuzzy Hash: F0E039B1D101199FCB60DAACC9002AEBAF4BB08240F00857AD90AEB200E2309A408BD0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D9278 Relevance: .0, Instructions: 25COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ee3ca3cada171688faa596de2e0fe270cdd1ccd7feae4aafdc8ae08be5f4216c
                                        • Instruction ID: e628f75ce53611c0c06d7dd8a060cdfbe5e466546b915ff9ba5c19142b745ea9
                                        • Opcode Fuzzy Hash: ee3ca3cada171688faa596de2e0fe270cdd1ccd7feae4aafdc8ae08be5f4216c
                                        • Instruction Fuzzy Hash: B0E04872D04218DFCB40EFA899061DEBFF5EB49325F1444B6D959E7204E7718A50CBD1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D1E70 Relevance: .0, Instructions: 25COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d833dcbeb5c0f31aa688f177f88781d88f663c5a9ce73b7f1b09cbad68f58e7d
                                        • Instruction ID: 4713f1d7934ba9b3a1cf250e79619886a70191349e21d9539b7ff6cc4d1b7237
                                        • Opcode Fuzzy Hash: d833dcbeb5c0f31aa688f177f88781d88f663c5a9ce73b7f1b09cbad68f58e7d
                                        • Instruction Fuzzy Hash: A7E0D8306086229FD72553DCDD709AD26A9AF86254B050169D9418F3C5CB604C41E7A2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D9230 Relevance: .0, Instructions: 25COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 53048c6ac93de78d8b7424d2f63a6bdeaa16d0cc0ca544204824a01bccb75e47
                                        • Instruction ID: 160e906cdd35def6627e4b88ae30ae2e4a31a3dd552fe47be8aeb1bd665e9f04
                                        • Opcode Fuzzy Hash: 53048c6ac93de78d8b7424d2f63a6bdeaa16d0cc0ca544204824a01bccb75e47
                                        • Instruction Fuzzy Hash: 17E0E5B1E01128EF8B94EFA8D9055EEBBF4EE48254B11417AE80AE7201E7714A11CFE0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01178640 Relevance: .0, Instructions: 23COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d89dbbcfd8f79d043952155861744869886e7abb31d3ae3d0b1427b3b48005bf
                                        • Instruction ID: 043729e8dbc2e003fa6d9dfe38615b17eafdbf412051f69b2f983ada8d2484b5
                                        • Opcode Fuzzy Hash: d89dbbcfd8f79d043952155861744869886e7abb31d3ae3d0b1427b3b48005bf
                                        • Instruction Fuzzy Hash: 49E0D8305117205FC31CE766D45A4CFBBDAAF853283908D7DD08A87A18DF70BE494692
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D93F0 Relevance: .0, Instructions: 23COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9eff6f31316ebf81be79e6b55a67c6ec0cdbb5080e31a4b91905cab700fce96b
                                        • Instruction ID: 55e7a4e60c8539cc58d291c5abce06d6c928e52e02ff8104edc7ec8509ea2d67
                                        • Opcode Fuzzy Hash: 9eff6f31316ebf81be79e6b55a67c6ec0cdbb5080e31a4b91905cab700fce96b
                                        • Instruction Fuzzy Hash: 44E06D32A09389EFCB02DBB4945019DBBF1EF4220271144EAD045DB215DA300F05A701
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D20B2 Relevance: .0, Instructions: 22COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7d4f0dcbdf55bd907c9d404b5da3aa0c47c4d9941e974e7de0aed9aa681e109d
                                        • Instruction ID: 548f9d583a3a19791cf629ff7b7b171963dc4add97ad0a2e503ccef763001f45
                                        • Opcode Fuzzy Hash: 7d4f0dcbdf55bd907c9d404b5da3aa0c47c4d9941e974e7de0aed9aa681e109d
                                        • Instruction Fuzzy Hash: F7E0DF349013448FC7626B6CC8602D83BE2BB85368F6489AD8085CE152DB298CC3DF51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01170857 Relevance: .0, Instructions: 21COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0dd9e9e31896a88532e8ce1a9cf3d62c61f314bf959fe615c9a4fa7030bfc476
                                        • Instruction ID: 05f1fe35df6ce93e88064125faf01d85c6ca933c497ae72780cba9f21c093016
                                        • Opcode Fuzzy Hash: 0dd9e9e31896a88532e8ce1a9cf3d62c61f314bf959fe615c9a4fa7030bfc476
                                        • Instruction Fuzzy Hash: 8FE0923150938DEFC705DFB4D81258DBFB5AB02114B1485FED858D7256E6322F05D792
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117B1C9 Relevance: .0, Instructions: 21COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b237fea3b0acfa40d0e33ba1d7f30d6736b463c9e07a844d949ac52fc50737d5
                                        • Instruction ID: 66b9d72d9c31db6e64a509eca6d80900b3e95bf1cc2f7508777edb69de24a336
                                        • Opcode Fuzzy Hash: b237fea3b0acfa40d0e33ba1d7f30d6736b463c9e07a844d949ac52fc50737d5
                                        • Instruction Fuzzy Hash: B4E07D71B042408FC714AB3CAD495853FB09F4211534501D7E205C7373D731CC15C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01176861 Relevance: .0, Instructions: 20COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ff08009519c412c4eab396694a7853a45f1f691cf88e9e5df7eb72b0e484c585
                                        • Instruction ID: 9ed687d99c500ebf7f4b28a01380ba6f29c8ca92582bd81f78a2c1a7e68c47af
                                        • Opcode Fuzzy Hash: ff08009519c412c4eab396694a7853a45f1f691cf88e9e5df7eb72b0e484c585
                                        • Instruction Fuzzy Hash: 4EE09A3160C2C80BC702A7BCA86009D3FB2DA8A12074A0AC9E4868730AD2141C07CB45
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117B3A0 Relevance: .0, Instructions: 20COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ef44afe7daefedd8283d2bf246116feff05ca5d099b2cd053bd547f97dba33d7
                                        • Instruction ID: 27cfdee418802130a661ac498aa9a191ac92f1b8c46aff14782453b271bc9b43
                                        • Opcode Fuzzy Hash: ef44afe7daefedd8283d2bf246116feff05ca5d099b2cd053bd547f97dba33d7
                                        • Instruction Fuzzy Hash: E2E02B339483B46FC701D6E8A820CDA7FB98A82060B4548FFD559D7A43FAA41E0483D6
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117C3E0 Relevance: .0, Instructions: 19COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 719171fe2c19cffc6ee2eab7349ed2ae6c858b8edac15e9582da5df7675fa7a3
                                        • Instruction ID: 2a8a8050b3f5c0bd1a1ae1232c1c557f66bc29f84545f304bcdbf777d75579c5
                                        • Opcode Fuzzy Hash: 719171fe2c19cffc6ee2eab7349ed2ae6c858b8edac15e9582da5df7675fa7a3
                                        • Instruction Fuzzy Hash: 25E08675B4C0898FDB09DF68D86971277E2DB44318F548498EC958779EC678CC51CB80
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117E4F8 Relevance: .0, Instructions: 19COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 76c5d46b151d90dd320b1cfe6b214f32c6c7a91ebd6f1cb4121cfb60eaba79a9
                                        • Instruction ID: 5041a3f613bfb954637ef21b9a89584b5e2fb502011f89d9ef1e2c7603b47dda
                                        • Opcode Fuzzy Hash: 76c5d46b151d90dd320b1cfe6b214f32c6c7a91ebd6f1cb4121cfb60eaba79a9
                                        • Instruction Fuzzy Hash: A8E07EB4D0520D9F8B98EFA9D4415AEBFF8AB48200F10816AA928E2244E6345A91CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D9240 Relevance: .0, Instructions: 18COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bbbf5602e3e3b5788b29a632bf2ae5623d388ba05c816fb9edff00a99c0405a6
                                        • Instruction ID: 47ebcf2a4992510712fced402da4cf9747715cb691e7daa9d3a94f5661efb47f
                                        • Opcode Fuzzy Hash: bbbf5602e3e3b5788b29a632bf2ae5623d388ba05c816fb9edff00a99c0405a6
                                        • Instruction Fuzzy Hash: 45E0ECB1E00119DF8B50EFADD9051DEBBF8EA08250B104476D519E7204E7315A10CBE1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D9288 Relevance: .0, Instructions: 18COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: be5d5471aad109b83c6f9d8baf797c9691a8745eb6e7779a27397daf1826bf5f
                                        • Instruction ID: bb9733368aa3c64ae88236911b24f86a6d93384cdc9bdc9ef368b2f95455e619
                                        • Opcode Fuzzy Hash: be5d5471aad109b83c6f9d8baf797c9691a8745eb6e7779a27397daf1826bf5f
                                        • Instruction Fuzzy Hash: 3FE0B671D002189FCB80EBA8990529ABBF4AB08215F1044769519E7204E6719A50CBD1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01170868 Relevance: .0, Instructions: 16COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 17ff4fcbcec9417e4a9601f52f0a113205303e7a30954a3bf4e8183fe439d49c
                                        • Instruction ID: 418f25327efd3ce7a93f010740ce589c55743901b306ee1cb36189f6f3dabd95
                                        • Opcode Fuzzy Hash: 17ff4fcbcec9417e4a9601f52f0a113205303e7a30954a3bf4e8183fe439d49c
                                        • Instruction Fuzzy Hash: 68D05E30A0130DFF8B44EFA4D90299DB7FAEB44214B5084E9D818E3354EB322F14DB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117B3B0 Relevance: .0, Instructions: 16COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bbbbf51717a3949b6abc28aed90ca026ccfdf46a59631edf3d94e7c1971c5636
                                        • Instruction ID: 789719c3f76cbe9b9fbebe45009ebff732c5db08a72d8c3428b823bba084f2f8
                                        • Opcode Fuzzy Hash: bbbbf51717a3949b6abc28aed90ca026ccfdf46a59631edf3d94e7c1971c5636
                                        • Instruction Fuzzy Hash: 9ED012326043286F0714DAED98518DF7BEDCA841B4B40486BD609D7741EFB11A4443E9
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D9400 Relevance: .0, Instructions: 16COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 973be539811b334e19ac8e18790b201ceca9a36e909ecb49e4d4c37f859b449e
                                        • Instruction ID: 148800b347e9f01867ac30070c664aeee45c68a91e9afc3699ecb3b891f2df41
                                        • Opcode Fuzzy Hash: 973be539811b334e19ac8e18790b201ceca9a36e909ecb49e4d4c37f859b449e
                                        • Instruction Fuzzy Hash: CDD01772A1030DEF8B00EFA4E94159DB7F9EB45215B6048A9D408D7218EA716F00AB80
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D0B08 Relevance: .0, Instructions: 16COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cab90e3167ea7a429431a52e98f705bbdc4cfd430d3c56fc434ac170854492f2
                                        • Instruction ID: 300e2acd06eaff489e891a1688fdaa7b5d78ef77cd89a46147b074551a2229b6
                                        • Opcode Fuzzy Hash: cab90e3167ea7a429431a52e98f705bbdc4cfd430d3c56fc434ac170854492f2
                                        • Instruction Fuzzy Hash: E4D012366043286B0715DAED58118DE7BDDDA851B4B40486AE50EDB340EE711E8042E9
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01175F87 Relevance: .0, Instructions: 14COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: df9760cdd746bf0718a8fa0d0c8ea95710d063fbb41f7775c46e9e0fcf28e9b2
                                        • Instruction ID: 3f52fcfa0a6e6535865ecef63782a1959376f265c55c5751e7888fc1d3658ecc
                                        • Opcode Fuzzy Hash: df9760cdd746bf0718a8fa0d0c8ea95710d063fbb41f7775c46e9e0fcf28e9b2
                                        • Instruction Fuzzy Hash: 32D05E3130C398CB8B01E72CB87048D3BA2DB8D5243010E49F4508770AD7A05E4A9780
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117B380 Relevance: .0, Instructions: 13COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3256d555a00771fb4ba605985764a888ad78a6c6f00adb88d2ec55a30647c41c
                                        • Instruction ID: b5cd316f02fadeef3689c437180e96c38c03f25802ee1b9c8ab1e4e8ed46a14d
                                        • Opcode Fuzzy Hash: 3256d555a00771fb4ba605985764a888ad78a6c6f00adb88d2ec55a30647c41c
                                        • Instruction Fuzzy Hash: 3EC0128210E2D21EC31792304D229CA2F21186319038F8AC280C4AF6A3C518890A8372
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01175FBF Relevance: .0, Instructions: 12COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ab1a7abad078ba272459341ed985a6d237ca3098e1b9092ebe61332c7f5e240b
                                        • Instruction ID: fb5e39569b7350cf4bbaf400a26bc7e2e576001e62fd29222ba4f8dd58a8af65
                                        • Opcode Fuzzy Hash: ab1a7abad078ba272459341ed985a6d237ca3098e1b9092ebe61332c7f5e240b
                                        • Instruction Fuzzy Hash: B0D0123110E3D08FD741D76CBD715C43B60DE5A51034409C2E0408B32BD2905E47A791
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D7D40 Relevance: .0, Instructions: 12COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0ae46a1d608c9b0af4ecc4662098159f3c739b35b30b0e3285415216d88e86c5
                                        • Instruction ID: dac1d7f0f54e87dcb4b011ae0fdb9b36d7920f46781f4e666942a615e538a079
                                        • Opcode Fuzzy Hash: 0ae46a1d608c9b0af4ecc4662098159f3c739b35b30b0e3285415216d88e86c5
                                        • Instruction Fuzzy Hash: 80C09B355443851BCB017D594D429C02BE0F9152103C901D56084DF616E11CCB1E5654
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01170840 Relevance: .0, Instructions: 10COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e9735cccf6d0915977c371230327b3e3af705e7128298dabfade67e241e5cf35
                                        • Instruction ID: d3737e084902b04d598d009715f63a8a8eeb03a036db64512fc81708b09ad97f
                                        • Opcode Fuzzy Hash: e9735cccf6d0915977c371230327b3e3af705e7128298dabfade67e241e5cf35
                                        • Instruction Fuzzy Hash: A3C0012640F3C01ACF179B3544646987F309903528B2A44EBC080CD073A1264A4EC326
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 015D83C0 Relevance: .0, Instructions: 7COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8f52994ccee8ffd47f6f4b79b3b2725f633d1d5cac02e3b4d935ae77536ef4f7
                                        • Instruction ID: 4fa85df8f15a00183e478b33201d2b323775b83dd09e13ee355aef71e192267f
                                        • Opcode Fuzzy Hash: 8f52994ccee8ffd47f6f4b79b3b2725f633d1d5cac02e3b4d935ae77536ef4f7
                                        • Instruction Fuzzy Hash: 88C0921A84EAC68EDB029B6958654A13F215A2A0403CC00CAE2D19F663D498490AA7A9
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Non-executed Functions

                                        Function 015D5048 Relevance: 1.8, Strings: 1, Instructions: 587COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151690283602.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_15d0000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: d
                                        • API String ID: 0-2564639436
                                        • Opcode ID: 856cf5c7cf501fe70938d42d4e777c719afb637488f3e1999ebb661a2e07d2dc
                                        • Instruction ID: 47b90d0c9c5e09974b77ae642ad49911ea9a362560018b81a64642903a8d7a28
                                        • Opcode Fuzzy Hash: 856cf5c7cf501fe70938d42d4e777c719afb637488f3e1999ebb661a2e07d2dc
                                        • Instruction Fuzzy Hash: 8832E671A10219CFDB24CFA8C884A9DB7B6FF88304F258669D519AF356DB30E941CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0117F8C8 Relevance: .4, Instructions: 369COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.151680946977.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_1170000_file.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1e94e45c217fe56b17c082937d2f360931195dc696b6f7f20b1c29f23ab51216
                                        • Instruction ID: db577a962b1a9fefa6c16b67d9668defe8b7153f3697cf5a8cb52d62e29adefa
                                        • Opcode Fuzzy Hash: 1e94e45c217fe56b17c082937d2f360931195dc696b6f7f20b1c29f23ab51216
                                        • Instruction Fuzzy Hash: 83D19234B002158FC718DBB8C464AAE7BFAEF89314B158469E915DB3A5EF30DD02CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%